[ previous ] [ next ] [ threads ]
 
 From:  "Danny Puckett" <dpuckett at comresource dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] PASV FTP
 Date:  Wed, 30 Mar 2005 07:48:36 -0500
I want thank everybody for their help and suggestions.  I now have a much
better understanding of PORT vs PASV ftp then I did before a couple days
ago.  I will look for a 3rd party FTP daemon that is a bit more m0n0wall
friendly.  

Thanks

> -----Original Message-----
> From: Sancho2k.net Lists [mailto:lists at sancho2k dot net]
> Sent: Wednesday, March 30, 2005 12:34 AM
> To: Danny Puckett
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] PASV FTP
> 
> Danny Puckett wrote:
> > I tried this with an extra public IP, but the FTP server is still
> > passing back its private address to the client.
> >
> > 227 Entering Passive Mode (192,168,2,21,78,49)
> 
> I'm not being snide here, but can't use you use one of the great free
> FTP daemons that works properly in modern environments such as yours?
> For example, PureFTPd supports the following option:
> 
>        -P ip address or host name
>               Force the  specified  IP  address  in  reply  to  a
>               PASV/EPSV/SPSV  command.  If the server is behind a
>               masquerading (NAT) box that doesn't properly handle
>               stateful  FTP  masquerading,  put the ip address of
>               that box here. If you have a  dynamic  IP  address,
>               you  can use a symbolic host name (probably the one
>               of your gateway), that will be resolved every  time
>               a new client will connect.
> 
> Otherwise, you may look at a packet filtering software that "properly
> handles stateful masquerading."
> 
> DS
smime.p7s (4.0 KB, application/x-pkcs7-signature)