Re: Res: Re: Res: Re: [m0n0wall] Problems with NAT in pb23r570??

From:	Francisco Reyes <lists at natserv dot com>
To:	Assinatura de Listas <assinarlistas at yahoo dot com dot br>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: Res: Re: Res: Re: [m0n0wall] Problems with NAT in pb23r570??
Date:	Thu, 8 Jan 2004 10:07:11 +0000 (GMT)

On Thu, 8 Jan 2004, Assinatura de Listas wrote:

> Where you able to get a directory listing from this ftp server: ftp://www
> recordgoias.com.br ?

This is probably because you are only enabling one of the two ports needed
by FTP. You need to enable ports 20 AND 21 for ftp to work.

> My FTP server is a machine that IS directly visible from outside... that is
> right! Maybe the NAT rule is working, but my question is why can't anybody
> get a directory listing anymore ever since I installed pb23r70?

Don't know why it stopped working.. maybe the previous version was doing
both ports when you indicated FTP. try manually setting/NATing both ports.
I usually only NAT single ports, but maybe for FTP you need to NAT both
ports. I know for sure FTP needs both ports.

> (My FTP server reports a connection by showing the connected ip number, then
> it reports the following error: 425 can't build a data connection.)

That sounds exactly like what I am describing. The data port is 20. The
command port is 21. If you have a FreeBSD, Linux or Unix like os check
/etc/services.