 From:  Paul Taylor <PaulTaylor at winn dash dixie dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Using Registered IPs on LAN with FTP?
 Date:  Wed, 21 Sep 2005 13:40:37 -0400


            I ran into an issue today where a client PC could connect
to a remote FTP server, but could not upload a file.  In looking at the
logs, the FTP-data connection back to the client was sourced from port 20
and it was being blocked.  This is with "Advanced Outbound NAT" enabled and
no rules for this interface, as the users on this interface are using
registered IP addresses.  I added a rule to allow the FTP server to send
packets in the WAN interface sourced from port 20, but I don't like this
solution...  Either I must keep it wide open so that all users will be able
to FTP without issue, or I must keep a list of FTP servers that users need
access to...  Neither sounds good...


            I thought that perhaps I could add an advanced outbound NAT
statement to grab FTP traffic and perform NAT on it...  Unfortunately,
though, I do not seem to have that level of control.


            Any suggestions on how to best accomplish this in Monowall?  Can
it be done via command line access with ipnat?
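One way an FTP-aware filter narrows the "anything sourced from port 20" rule described above, as an added example that is not m0n0wall's or ipfilter's own code (the helper names, the pinhole tuple and the 192.0.2.x / 198.51.100.x addresses are constructed assumptions): it reads the client's PORT/EPRT command on the control channel and admits only the single server:20 -> client:port data connection that command announces.

```python
"""Derive the exact active-FTP data pinhole from the control channel.

Hypothetical helper (not m0n0wall/ipfilter code): an FTP-aware filter
watches the client's PORT/EPRT command on the control connection and
opens one short-lived reverse hole for server:20 -> client:port, instead
of a standing rule that admits any inbound connection sourced from TCP/20.
"""
import re
from dataclasses import dataclass

FTP_DATA_PORT = 20  # active-mode data connections originate here on the server

@dataclass(frozen=True)
class Pinhole:
    src_ip: str      # FTP server address
    src_port: int    # always 20 for active mode
    dst_ip: str      # client's registered (routed) LAN address
    dst_port: int    # ephemeral port the client announced

_PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$")
_EPRT_RE = re.compile(r"^EPRT \|1\|(\d+\.\d+\.\d+\.\d+)\|(\d+)\|$")

def pinhole_from_command(cmd: str, client_ip: str, server_ip: str):
    """Return the Pinhole an active-mode command implies, or None if the
    command is not PORT/EPRT, is malformed, or announces an address other
    than the client's own (a mismatch is rejected rather than trusted)."""
    line = cmd.strip()
    m = _PORT_RE.match(line)
    if m:
        h = [int(x) for x in m.groups()]
        if any(v > 255 for v in h):
            return None
        addr = ".".join(str(v) for v in h[:4])
        port = h[4] * 256 + h[5]          # PORT encodes the port as p1*256 + p2
    else:
        m = _EPRT_RE.match(line)
        if not m:
            return None
        addr, port = m.group(1), int(m.group(2))
    if addr != client_ip or not (1024 <= port <= 65535):
        return None
    return Pinhole(server_ip, FTP_DATA_PORT, client_ip, port)

def data_connection_allowed(hole, src_ip, src_port, dst_ip, dst_port):
    """Stateful check for the inbound SYN: only the exact announced tuple passes."""
    return hole is not None and hole == Pinhole(src_ip, src_port, dst_ip, dst_port)

# Constructed sample: routed client 192.0.2.10 announces listener 4*256+210 = 1234
CLIENT_IP, SERVER_IP = "192.0.2.10", "198.51.100.5"
SAMPLE_PORT_CMD = "PORT 192,0,2,10,4,210\r\n"
```

A real implementation would expire the pinhole after the first data connection or a short timeout; here the check is shown for a single SYN.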