 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] LS Command for FTP is not passed by m0n0wall 1.22 PC Image
 Date:  Fri, 23 Jun 2006 08:37:12 -0500
Thanks for the info, I tried using PASV ports but PASV just will not 
work through m0n0wall.  The only thing that did work without much fuss 
was active FTP.  It's really never been an issue before until I upgraded 
to 1.22 PC Image, then I noticed the weirdness with FTP connections 
being dropped.  I did try doing a NAT 1:1 of a spare IP address and 
allow every single port to the machine, still had FTP transfer 
problems.  I'm not sure what else to try, everything else on my m0n0wall 
config works flawless, it's just the FTP that gets me, LOL.


Kimmo Jaskari wrote:
> "ls not working" is another way of saying that only the control
> connection works and the data connection cannot be established. When
> you do an "ls" you are in fact asking for a data download, the data in
> this case being the file listing. Downloading anything else won't work
> either.
>
> FTP is a very firewall-hostile (if you can say that) protocol that
> opens up ports randomly all over the place. The most reliable way to
> solve it is to set up passive mode in the server and use that. This is
> all documented elsewhere, googling on ftp and firewalls will get you
> what you need.
>
> Basically, set up so you pass port 20 and 21 in to the ftp server and
> set up the ftp server to use a specific port span for incoming passive
> connects (dealer's choice, I like to pick 10 ports in the five figures,
> or you could go with 2000-2010 for instance) and that should give you
> nice reliable ftp connects in passive mode.
>
> I doubt if this is in any way m0n0wall-related except that it is a
> firewall and thus is quite properly interfering.
>
> I could be wrong, if so I'm sure the people on the list will chime in
> on this issue.