I want to thank everybody for their help and suggestions. I now have a much
better understanding of PORT vs PASV FTP than I did before a couple days
ago. I will look for a 3rd party FTP daemon that is a bit more m0n0wall
> -----Original Message-----
> From: Sancho2k.net Lists [mailto:lists at sancho2k dot net]
> Sent: Wednesday, March 30, 2005 12:34 AM
> To: Danny Puckett
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] PASV FTP
> Danny Puckett wrote:
> > I tried this with an extra public IP, but the FTP server is still
> > passing back its private address to the client.
> > 227 Entering Passive Mode (192,168,2,21,78,49)
> I'm not being snide here, but can't you use one of the great free
> FTP daemons that works properly in modern environments such as yours?
> For example, PureFTPd supports the following option:
>     -P ip address or host name
>         Force the specified IP address in reply to a
>         PASV/EPSV/SPSV command. If the server is behind a
>         masquerading (NAT) box that doesn't properly handle
>         stateful FTP masquerading, put the ip address of
>         that box here. If you have a dynamic IP address,
>         you can use a symbolic host name (probably the one
>         of your gateway), that will be resolved every time
>         a new client will connect.
> Otherwise, you may look at a packet filtering software that "properly
> handles stateful masquerading."
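
The 227 reply quoted in this thread, decoded. This is an added example, not part of the original messages or of PureFTPd: it parses the host and port a server advertises, flags an RFC 1918 host that a client outside the NAT cannot reach, and builds the reply a server would send once an address is forced. The function names are hypothetical and the public address 203.0.113.10 is a constructed documentation value.

```python
import ipaddress
import re

# Host/port tuple of a 227 reply: (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(r"^227 .*?\(" + ",".join([r"(\d{1,3})"] * 6) + r"\)")

# RFC 1918 ranges, checked explicitly so documentation ranges are not flagged.
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = _PASV_RE.match(reply.strip())
    if m is None:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2
    return host, port


def leaks_private_address(reply):
    """True when the advertised data-connection host is an RFC 1918 address."""
    host, _ = parse_pasv(reply)
    return any(host in net for net in _RFC1918)


def rewrite_pasv(reply, public_ip):
    """Same data port, host replaced by the address clients can reach."""
    _, port = parse_pasv(reply)
    octets = str(ipaddress.IPv4Address(public_ip)).split(".")
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        ",".join(octets), port >> 8, port & 0xFF)


if __name__ == "__main__":
    reply = "227 Entering Passive Mode (192,168,2,21,78,49)"  # from the thread
    print(parse_pasv(reply), leaks_private_address(reply))
    print(rewrite_pasv(reply, "203.0.113.10"))  # constructed public address
```

The data port in the rewritten reply still has to be forwarded through the NAT box to the FTP server, since only the advertised host changes.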