 From:  "Bjoern Euler (lists at edain)" <lists at edain dot de>
 To:  Andrej Fercic <andrej at pcklinika dot si>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Problem with active ftp
 Date:  Thu, 09 Jun 2005 16:29:27 +0200
Andrej Fercic wrote:
> OK,
> 
> But why does it work in the first CASE??? Only FTP is allowed (without extra port
> 20)?!
> 
> Andrej 

m0n0wall uses the ftp proxy feature of ipfilter. By default a NAT entry 
is generated that looks like this:

map wan_interface local_network -> 0.0.0.0/32 proxy port ftp ftp/tcp

This dynamically generates filter rules for the data channel of ftp.

See
http://www.obfuscation.org/ipf/ipf-howto.txt
section:
4.8.  Magic Hidden Within NAT; Application Proxies

Regards

-Bjoern Euler
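
Added example, not part of the original message and not ipfilter's own code: a simplified Python model of what an FTP proxy on a NAT gateway does with an active-mode PORT command, which is why a rule allowing only the control port is enough. The function name, the addresses, the NAT port and the two acceptance checks are assumptions made for this sketch.

```python
import ipaddress
import re

# RFC 959 active-mode command: PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(
    rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n")


def handle_port(line, client_ip, server_ip, wan_ip, nat_port):
    """Model the proxy's handling of one control-channel line.

    Returns (rewritten_line, pinhole), or (None, None) when the command is
    rejected. pinhole describes the temporary allowance for the data channel:
    (src_ip, src_port, dst_ip, dst_port, forward_to).
    """
    m = PORT_RE.fullmatch(line)
    if not m:
        return None, None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None, None
    ip = ipaddress.IPv4Address(".".join(map(str, octets[:4])))
    port = octets[4] * 256 + octets[5]
    # Checks assumed for this sketch: only open a path back to the host that
    # owns the control connection, and never to a privileged port.
    if ip != ipaddress.IPv4Address(client_ip) or port < 1024:
        return None, None
    wan = str(ipaddress.IPv4Address(wan_ip))
    # The server must see the gateway's public address, not the private one.
    rewritten = b"PORT %s,%d,%d\r\n" % (
        wan.replace(".", ",").encode(), nat_port >> 8, nat_port & 0xFF)
    # Active FTP: the server conventionally connects from port 20 (ftp-data)
    # to the advertised port, so only that single flow is let in.
    pinhole = (server_ip, 20, wan, nat_port, (str(ip), port))
    return rewritten, pinhole


if __name__ == "__main__":
    # Constructed sample: LAN client behind the gateway, documentation addresses.
    out = handle_port(b"PORT 192,168,1,10,195,80\r\n",
                      "192.168.1.10", "198.51.100.7", "203.0.113.5", 40000)
    print(out)
```

The pinhole exists only for the one advertised port, so no static rule for port 20 is needed on the LAN side.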