[ previous ] [ next ] [ threads ]
 
 From:  "Danny Puckett" <dpuckett at comresource dot com>
 To:  "Marko Vukovic" <marko at aquamanta dot co dot za>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] FTP behind a m0n0
 Date:  Tue, 7 Mar 2006 16:41:19 -0500
If I remember correctly, when I had this problem I had to use a FTP
server with the ability to masquerade the IP address of the public
address for the data connection. By default the FTP server would say
'connect to me at this port and this address' but would use its local
address. I had to also configure a small range of ports (something high)
to use for the PASV connection and forward those back to the FTP server.

PS. IIS does NOT have this option.  You can set the PASV ports but not
the masquerade.

> -----Original Message-----
> From: Marko Vukovic [mailto:marko at aquamanta dot co dot za] 
> Sent: Tuesday, March 07, 2006 2:28 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] FTP behind a m0n0
> 
> On Sun, 2006-03-05 at 01:59 +0100, NetworxStudios wrote:
> > Hi,
> > I am strugling to get my ftp-server to respond in a correct 
> way after 
> > starting using m0n0wall.
> > Can someone tell me how this is so much more difficult for 
> m0n0 than 
> > for other firewalls?
> 
> FTP is one of those 'special' protocols that requires a 
> protocol, or application specific proxy or some other 
> mechanism. Why? Because it uses multiple ports.
> 
> Have you tried using 1:1 NAT with/without ProxyARP?
> 
> > I have a server behind the firewall that accepts passive 
> connections 
> > and active ones. This has worked out just fine earlier.
> 
> What do you mean by 'earlier' - you're sounding like a 
> (l)user :P please elaborate!
> 
> > Now I cant ls the ftp at all when using active connection.
> > With passive I am not having any luck connection at all.
> 
> Hmmm, strange that you cannot even connect.
> 
> > I am using Serv-U (and IIS ftp) on the server(s). Difficult to edit 
> > which ports the passive should be used also...
> 
> Are you sure you want to open IIS to the outside world?
> 
> Please do some trouble-shooting, eg turn on logging etc.
> 
> Do also give us an indication of your m0n0 config, it doesn't 
> help if we have to guess.
> 
> Ciao
> --
> Marko
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> 
>