On 02/09/2005 23.47 Peter wrote:
>Since I locked down my DMZ I've noticed some clients that are using passive FTP are getting blocked outbound connections. Non passive is working fine.
>
>Any idea how I can fix this and why it's happening?
>
>Regards,
>Peter
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch

If your FTP server doesn't change the IP address (e.g. IIS), this may be a problem.

For example:
IP address of the FTP server: 192.168.1.1/24
So you have a DMZ with this network, and a 1:1 NAT to the public IP (e.g. 80.80.80.80).

When a client connects to 80.80.80.80 with FTP in passive mode, it sends the PASV command and your FTP server gives a PORT 192.168.1.1,100,102

Note that the IP is your private IP address, so the client tries to connect to the FTP server on port 100,102 but with this local IP.

Resolution: modify the config of your FTP server (MS IIS does not offer this config; use another FTP server).

Bye
v.
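A diagnostic for the situation described in the reply above, added here as an example that is not part of the original message: it parses the server's passive-mode reply (the RFC 959 `227` line) and compares the advertised address with the address the client actually connected to. The function names and sample replies are constructed for illustration, using the addresses from the message.

```python
import ipaddress
import re

# RFC 959 passive reply: "227 <text> (h1,h2,h3,h4,p1,p2)".
# The parentheses are optional in practice, so only the six numbers are matched.
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply line."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in reply: %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    port = nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2
    return host, port


def check_pasv(reply, control_ip):
    """Classify the reply against the IP the control connection was opened to."""
    host, port = parse_pasv(reply)
    control = ipaddress.IPv4Address(control_ip)
    if host == control:
        verdict = "ok"
    elif host.is_private and not control.is_private:
        # Server behind 1:1 NAT is advertising its DMZ address to an outside client.
        verdict = "private-address-leak"
    else:
        verdict = "address-mismatch"
    return {"host": str(host), "port": port, "verdict": verdict}


if __name__ == "__main__":
    # Constructed sample replies using the addresses from the message.
    samples = [
        "227 Entering Passive Mode (192,168,1,1,100,102)",
        "227 Entering Passive Mode (80,80,80,80,100,102)",
    ]
    for line in samples:
        print(line, "->", check_pasv(line, "80.80.80.80"))
```

Run against a captured control-channel reply, a `private-address-leak` verdict confirms that the server, not the firewall rule set, is what needs reconfiguring.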