How is it possibile to get an ftpserver (pure-ftpd) working on lan both
in passive and active mode with a nat made by monowall firewall from a
natted ftp client?
I searched the mailing list archives but I didn't find anything that
solves my problems.
First of all my network config:
public addresses :22.214.171.124 - 126.96.36.199
I got some inbound nat on 188.8.131.52 to 192.168.0.4 for mail and http.
ftpserver:192.168.0.4 (on lan)
I tried the following solutions:
-server nat activated on 184.108.40.206
-inbound nat on the ip 220.127.116.11 as external ip and 192.168.1.4 as
-allowed traffic from any port to port 21 on 192.168.0.1
-pure-ftpd with -N flag (force clients in active mode)
-configured pure-ftpd with PassivePortRange set to 1024 - 5000
ForcePassiveIP set to 18.104.22.168
From everywhere passive mode: ok, active mode ko
I made a 1 to 1 nat 22.214.171.124 <-> 192.168.0.4 and configured
pure-ftpd with PassivePortRange set to 1024 - 5000
ForcePassiveIP set to 126.96.36.199.
(the rules applied by inbound nats defined for 188.8.131.52 are applied
also to the traffic directed to 184.108.40.206, so in this way the 1 to 1
nat doesn't expose me to any addictional risk).
All works ok from everywhere in active and passive mode.
This last configuration is very dirty and obviously I don't like to
waste an ip address only for ftp (and some other nat-unfriendly protos).
A workaround is to use the -N flag in pure-ftpd, to force clients to go
in active mode, but if I want to serve in both modes what could I do?
May outbound nat help me in some way?
Is there anybody who would tell me some hint?
(Ip addresses shown here are obviously faked.)
Thanks in advance