 From:  "Braden McGrath" <braden at mcmail dot homeip dot net>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] PASV FTP
 Date:  Wed, 30 Mar 2005 00:34:23 -0500
Yeah, this will happen with average brain-dead FTP servers (IIS, for
instance).  You'll need to get a decent third-party FTPd that allows you
to specify the IP address to use for passive transfers.  You then plug
in the external IP you set up on the 1:1 in m0n0.

Oh, and that previous message wasn't to the list... ;)  This one is
though.

--Braden

-----Original Message-----
From: Danny Puckett [mailto:dpuckett at comresource dot com] 
Sent: Tuesday, March 29, 2005 9:05 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] PASV FTP

I tried this with an extra public IP, but the FTP server is still 
passing back its private address to the client.

227 Entering Passive Mode (192,168,2,21,78,49)

Chris Buechler wrote:
> On Tue, 29 Mar 2005 15:46:18 -0500, Danny Puckett
> <dpuckett at comresource dot com> wrote:
> 
>>I have tried to get this to work using NAT 1:1 but I am not having any
>>luck.
> 
> 
> You'll need a spare public IP, assuming you have one and have that
> set up ok.
> 
> 
> 
>>Does 1:1 open all ports up?  
> 
> 
> No.  It only opens up what you allow to the destination of the private
> IP of the FTP server in rules on the WAN interface.  i.e. if your FTP
> server is 192.168.1.2, you'd put a rule to allow source host/port
> any/any destination host 192.168.1.2 port 21 on the WAN interface to
> open 21.
> 
> -Chris