On 4/7/05, Manuel Kasper <mk at neon1 dot net> wrote:
> It should be mentioned at this point (and hopefully once and for all)
> that ipnat (and thus m0n0wall) does indeed fix up PORT commands sent
> by FTP clients behind NAT to FTP servers on the Internet. Therefore,
> both active and passive FTP clients can be used behind m0n0wall (as
> long as NAT is on, which is the case in almost all setups). What
> doesn't work (and that's a limitation in ipnat) is fixup of PASV
> responses made by FTP servers behind m0n0wall. So at present, if you
> want to run an FTP server behind m0n0wall in passive mode (active
> mode is no problem), you need a static WAN IP address and a good FTP
> server that allows you to specify the IP address to be returned in
> PASV responses. Then, if you map/configure the proper port ranges,
> passive FTP servers behind m0n0wall will work too. Other than that,
> there are *no* restrictions to using FTP with m0n0wall (aside from
> the fact that EPRT/EPSV aren't supported, but these aren't in
> widespread use anyway).

Is there any way to disable (using a flag or a command in config.xml)
the automatic PORT translations done by ipnat? I always have funny
problems using FTP in Explicit auth mode from an FTP client in active
mode on the LAN to a server on OPT1 (DMZ). It works fine "sometimes"
when done without any type of explicit auth or implicit auth, but I
was just wondering if there is a way to disable this functionality?
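
An added example, not part of the original messages and not ipnat's code: a Python illustration of the two rewrites discussed above, the PORT fixup a NAT helper performs for a client on the LAN and the PASV reply a server behind NAT must send when configured with its static WAN address. The function names, the map_port callback and all addresses and ports are assumptions constructed for the example.

```python
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 carries an IPv4 address and a 16-bit port
# as six decimal bytes on the cleartext control channel.
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")


def encode_hostport(ip, port):
    """Encode an IPv4 address and port in the h1,h2,h3,h4,p1,p2 form."""
    return "{},{},{}".format(ip.replace(".", ","), port >> 8, port & 0xFF)


def fixup_port(line, lan_ip, wan_ip, map_port):
    """Rewrite a LAN client's PORT command so it advertises the WAN side.

    map_port(lan_ip, lan_port) is a hypothetical callback that reserves a
    WAN-side port for the inbound data connection and returns it.
    Any line that is not a well-formed PORT for lan_ip passes through unchanged.
    """
    m = PORT_RE.match(line)
    if not m:
        return line
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return line
    if ".".join(str(n) for n in nums[:4]) != lan_ip:
        # Do not open a mapping towards a host other than the client itself.
        return line
    lan_port = nums[4] * 256 + nums[5]
    return "PORT {}\r\n".format(encode_hostport(wan_ip, map_port(lan_ip, lan_port)))


def pasv_reply(wan_ip, port):
    """227 reply for a server behind NAT that is told its WAN address."""
    return "227 Entering Passive Mode ({})\r\n".format(encode_hostport(wan_ip, port))


if __name__ == "__main__":
    # Constructed sample values: LAN client 192.168.1.10, WAN address 203.0.113.5.
    print(repr(fixup_port("PORT 192,168,1,10,195,80\r\n", "192.168.1.10",
                          "203.0.113.5", lambda ip, port: 40001)))
    print(repr(pasv_reply("203.0.113.5", 50000)))
```

The rewrite depends on the helper being able to parse the control line as text; anything it cannot match as a PORT command for the mapped client is forwarded as-is.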