Yeah, this will happen with average brain-dead FTP servers (IIS, for
instance). You'll need to get a decent third-party FTPd that allows you
to specify the IP address to use for passive transfers. You then plug
in the external IP you set up on the 1:1 in m0n0.
Oh, and that previous message wasn't to the list... ;) This one is

From: Danny Puckett [mailto:dpuckett at comresource dot com]
Sent: Tuesday, March 29, 2005 9:05 PM
To: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] PASV FTP

I tried this with an extra public IP, but the FTP server is still
passing back its private address to the client.
227 Entering Passive Mode (192,168,2,21,78,49)

Chris Buechler wrote:
> On Tue, 29 Mar 2005 15:46:18 -0500, Danny Puckett
> <dpuckett at comresource dot com> wrote:
>>I have tried to get this to work using NAT 1:1 but I am not having any
> You'll need a spare public IP, assuming you have one and have that
>>Does 1:1 open all ports up?
> No. It only opens up what you allow to the destination of the private
> IP of the FTP server in rules on the WAN interface. i.e. if your FTP
> server is 192.168.1.2, you'd put a rule to allow source host/port
> any/any destination host 192.168.1.2 port 21 on the WAN interface to
> open 21.