 From:  Lance Mueller <badf00d2 at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Help with FTP
 Date:  Thu, 18 Aug 2005 09:22:05 -0700
I am new to m0n0wall and really like its features. I have set up a test
box and have been having trouble with configuring an FTP server in the
DMZ.

I have three interfaces:
WAN
LAN
DMZ

The FTP Server is in the DMZ and has a private 10.0.0.200 address.
I have 5 public static IP addresses; for this example I will use 172.16.10.10.

I have created a Server NAT rule for that ip address 172.16.10.10. I
also have a proxy ARP entry for the external ip address, which is
different to answer ARP requests.

I have created an INBOUND NAT rule (and auto generated firewall rule)
of the following:

IF:WAN
Proto:TCP
ExtPort Range: 1-65000
NATIP 10.0.0.200 (ext: 172.16.10.10)
Int Port Range: 1-65000
Desc:FTP

I know this is opening up the DMZ way too much, but I am just trying
to test this out.

From an outside Internet connection I can connect to the FTP and when
it issues the PASV command, it then stalls..... Here is the output
from the client:

[root@localhost root]# ftp -v -d 172.16.10.10
Connected to 172.16.10.10 (172.16.10.10).
220 FTP server at 10.0.0.200 ready.
Name (172.16.10.10:root): admin
---> USER admin
331 Password please.
Password:
---> PASS XXXX
230 User logged in.
---> SYST
215 UNIX Type: L8
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
---> PASV
227 Entering Passive Mode (10,0,0,200,4,92)
ftp: connect: Connection timed out

I cannot get any file listing....

I do have a firewall rule which allows all traffic from the DMZ->
OUTSIDE. From the FTP server I can surf out onto the Internet.


Any ideas?

thanks, 
-lance-
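
Added example, not part of the original message: a small check that decodes the 227 reply from the client trace above and compares the advertised data endpoint with the address the client dialed and with the port range of the inbound NAT rule. The function names and the result keys are assumptions made for this illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv(reply):
    """Return (IPv4Address, port) advertised by a 227 reply."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]   # port = p1*256 + p2

def check_pasv(reply, control_peer, forwarded=(1, 65000)):
    """Compare the advertised data endpoint with what the client can reach.

    control_peer: address the client dialed for the control connection.
    forwarded:    external port range of the inbound NAT rule.
    """
    ip, port = parse_pasv(reply)
    return {
        "data_ip": str(ip),
        "data_port": port,
        # The client opens the data connection to the advertised address,
        # so it must be the same address it reached for the control channel.
        "ip_matches_peer": ip == ipaddress.IPv4Address(control_peer),
        "ip_is_private": ip.is_private,
        "port_forwarded": forwarded[0] <= port <= forwarded[1],
    }

# Values taken from the post: the 227 line in the client trace, the external
# address (the poster's stand-in for a public IP), and the NAT port range.
REPLY = "227 Entering Passive Mode (10,0,0,200,4,92)"
RESULT = check_pasv(REPLY, "172.16.10.10", (1, 65000))

if __name__ == "__main__":
    for key, value in RESULT.items():
        print("%-16s %s" % (key, value))
```

For the trace above, the advertised port falls inside the forwarded range, but the advertised address is the server's DMZ address rather than the external address the client connected to.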