Andrej,

That'll be because you also need port 20 as well as port 21, that's the ftp data port. Usually that's the culprit if you can't get a file list.

Dan

| -----Original Message-----
| From: Andrej Fercic [mailto:andrej at pcklinika dot si]
| Sent: 09 June 2005 10:42
| To: 'Markus Fischer'; m0n0wall at lists dot m0n0 dot ch
| Subject: RE: [m0n0wall] Problem with active ftp
|
| Yep, I have a similar problem.
|
| ISP <> m0n0 <> | FTPserver1
|                | FTPserver2
|                | FTPserver3
|
| Connection to my ISP is made by using PPPoE which returns an
| IP (DHCP) and it is A.B.C.193. I also have 5 more IPs which
| are all used with the ServerNAT option + ProxyARP. So if I set a
| NAT rule to forward port 21 from WAN to LAN on the default IP to
| one of my local servers, FTP works. But I want to enable FTP on
| all my servers. So, if I do that and enable a NAT rule for
| port 21 on all the other IPs, I can reach my FTP server from the WAN
| side, I can LOGIN, but I NEVER get a file list. At this
| point the process is stopped!
|
| Any idea what is wrong? Setup, or is it a bug :(
|
| Cheers,
|
| Andrej
|
| -----Original Message-----
| From: Markus Fischer [mailto:markus at fischer dot name]
| Sent: Thursday, June 09, 2005 10:42 AM
| To: m0n0wall at lists dot m0n0 dot ch
| Subject: [m0n0wall] Problem with active ftp
|
| Hi,
|
| I'm experiencing a weird situation with m0n0wall and an active
| FTP connection to one of our partner hosts.
|
| I open the ftp connection and for some time (browsing
| through the rather big directory structure remotely) it works. But
| often at one point, when the internal PORT command is issued,
| the ftp client seems to hang and later stops because of a timeout.
|
| Whenever this timeout happens, I find multiple entries in
| the firewall log:
|
| block | WAN | remote-ip 21 | my-public-gatewat-ip 4000 | TCP
|
| The port of the remote-ip is always 21, the port on the
| public ip of the gateway varies but is usually in the range
| 2000 to 4000 or so.
|
| I have not set up any rule to block these. I even added a
| rule for testing to accept all packets from everything to
| everything, and still I got those reported as blocked in the
| firewall log.
|
| I've tested multiple ftp clients, all exhibit the same
| problem. The administrator of the remote company said he did
| many hours of debugging at its best and could only come to
| the conclusion that he suspects a problem in the ftp-nat
| module of my firewall (m0n0wall). He says his firewall does
| state matching and he can see that many tcp connections are not
| correctly initiated from our firewall; packets are dropped.
|
| I'm using version 1.11, generic-pc.
|
| thanks for any pointers,
|
| - Markus
|
| ---------------------------------------------------------------------
| To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
| For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
|
| --
| No virus found in this incoming message.
| Checked by AVG Anti-Virus.
| Version: 7.0.323 / Virus Database: 267.6.6 - Release Date: 08/06/2005
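
For readers following the thread, this added example (not code from m0n0wall or from any of the posters) shows what an FTP NAT helper has to do with the PORT command discussed above: decode it per RFC 959, rewrite the private address, and open exactly one inbound data flow. The function names, the addresses and the assumption that the server sources its data connection from port 20 (the RFC 959 default) are illustrative.

```python
import ipaddress

def parse_port(line):
    """Decode an RFC 959 'PORT h1,h2,h3,h4,p1,p2' command into (ip, port)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    fields = arg.split(",")
    if len(fields) != 6 or not all(
            f.isascii() and f.isdigit() and int(f) <= 255 for f in fields):
        raise ValueError("malformed PORT argument")
    n = [int(f) for f in fields]
    ip = ipaddress.IPv4Address(".".join(str(x) for x in n[:4]))
    return ip, n[4] * 256 + n[5]

def nat_rewrite(line, control_src, public_ip, mapped_port):
    """Return (rewritten PORT command, inbound flow the firewall must allow).

    control_src is the client address seen on the control connection. A PORT
    naming any other host is refused, so the helper cannot be steered into
    opening a pinhole towards a third machine.
    """
    ip, port = parse_port(line)
    if ip != ipaddress.IPv4Address(control_src):
        raise ValueError("PORT address differs from control-connection source")
    if not 0 < mapped_port < 65536:
        raise ValueError("mapped port out of range")
    octets = str(ipaddress.IPv4Address(public_ip)).split(".")
    rewritten = "PORT {},{},{}".format(
        ",".join(octets), mapped_port // 256, mapped_port % 256)
    flow = {
        "proto": "TCP",
        "src_port": 20,              # assumed: server uses the default data port
        "dst": public_ip,
        "dst_port": mapped_port,
        "forward_to": (str(ip), port),
    }
    return rewritten, flow

if __name__ == "__main__":
    # Constructed sample: LAN client 192.168.1.10 behind public 203.0.113.5.
    cmd, flow = nat_rewrite("PORT 192,168,1,10,15,160",
                            "192.168.1.10", "203.0.113.5", 4000)
    print(cmd)
    print(flow)
```

If the helper misses or mangles the PORT line, the server's connection from port 20 arrives with no matching state and shows up as a blocked WAN packet.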