[ previous ] [ next ] [ threads ]
 
 From:  Michael Brown <knightmb at knightmb dot dyndns dot org>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] FTP server behind monowall
 Date:  Sat, 09 Sep 2006 12:46:04 -0500 
Joseph,
I ran into this problem a while back, as first I thought m0n0wall was 
messing with the ftp server. I later found out that if you try to ftp 
through m0n0wall from behind another firewall, that's what the problem 
is. Some switch/NAT/firewalls don't assign the dynamic trigger ports 
properly which will cause the "LS" command and many others to fail. So 
since it can't list files, the ftp client will report an error or no 
connection. It doesn't matter if you use passive or active mode ftp, I 
found this issue with certain type of D-Link switches. If you remove the 
D-link from the loop, all of a sudden everything works like it should.

E-mail me and I can help test this for you, I have a few spare WAN IP 
that I can hook directly to a PC to test ftp connections with a simple 
guest account you could create for troubleshooting.

Thanks,
Michael



Joseph Lo wrote:
> Dear All,
>
> I know this is an age old question: how to setup ftp server behind monowall.
>
> I have searched the forum and read the monowall scratchpad. But I still can't get my ftp server to
work. I am hoping someone could enlighten me.
>
> Here is my setup.
>
> internet ----> monowall ----> switch ----> ftp server
>
> monowall is 192.168.1.1
> ftp server is 192.168.1.2. I am using FileZilla on windows XP as some have suggested.
>
> Here are my monowall config
>
> Firewall NAT Inbound
> lf            proto     Ext. port range        NAT IP        Int. port range        Description
> WAN    TCP            20                            192.168.1.2            20                ftp
server port 20
> WAN    TCP            21                           192.168.1.2            21                ftp
server port 21
> WAN    TCP        55000-61000            192.168.1.2    55000-61000    ftp server
>
>
> Firewall NAT outbound
> Interface        source                Destination        Target            Description
> WAN        192.168.1.0/24            *                        192.168.1.2        ftp server
>
>
> Firewall rules
> Proto        Source            Port        Destination        Port                Destination
> TCP            *                       *           192.168.1.2        21                    FTP
server 1
> TCP            *                        *            192.168.1.2      55000-61000        FTP
server 2
>
> I have setup filezilla with passive mode settings
> External server IP address for passive mode transfer -> use the following IP -> 192.168.1.2
>
> I have also checked the tick box
> * Don't use external IP for local connections
> * use custom port range: 55000 - 61000
>
> When I use ftp client to connect to 192.168.1.2 it work. When I use ftp client from external lan
to connect to my dynamic IP, it can't find the ftp server. by the way, I am using monowall's dyndns
server. Pinging my hostname (eg. hostname.homeunix.net) from the net work. 
>
> I have use Shield-up to check and it report that port 21 is open.
>
> I have tried many configuration and still can't get anything to work. 
>
> Please help
>
> Thank  you.
> Joseph
>
>
>  				
> ---------------------------------
> Get your own web address for just $1.99/1st yr. We'll help. Yahoo! Small Business.
>  		
> ---------------------------------
> How low will we go? Check out Yahoo! Messenger’s low  PC-to-Phone call rates.
>