 From:  Joseph Lo <josephlo71 at yahoo dot com>
 To:  Michael Brown <knightmb at knightmb dot dyndns dot org>, m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] FTP server behind monowall
 Date:  Sat, 9 Sep 2006 16:32:53 -0700 (PDT)
Dear Michael,

Thank you for your feedback.

The thing that bugs me is that there are reports from the net that an ftp server is fully functional
behind monowall and yet I can't get it working.

What I would like to get confirmed by the monowall forum is that my setup in monowall is
actually correct and nothing is amiss.

I have an account with dyndns with hostname josephlo.homeunix.net.

If I ping josephlo.homeunix.net it will return the dynamic IP number as assigned by my ISP. If I ftp
josephlo.homeunix.net it will return a connect error; as you suggested, it could be because the ftp
server couldn't assign the trigger ports properly.

Could you then try to ftp to my hostname and see if it actually works?

Many thanks

Michael Brown <knightmb at knightmb dot dyndns dot org> wrote:

Joseph,
I ran into this problem a while back, at first I thought m0n0wall was 
messing with the ftp server. I later found out that if you try to ftp 
through m0n0wall from behind another firewall, that's what the problem 
is. Some switch/NAT/firewalls don't assign the dynamic trigger ports 
properly which will cause the "LS" command and many others to fail. So 
since it can't list files, the ftp client will report an error or no 
connection. It doesn't matter if you use passive or active mode ftp, I 
found this issue with certain types of D-Link switches. If you remove the 
D-Link from the loop, all of a sudden everything works like it should.

E-mail me and I can help test this for you, I have a few spare WAN IPs 
that I can hook directly to a PC to test ftp connections with a simple 
guest account you could create for troubleshooting.


Joseph Lo wrote:
> Dear All,
> I know this is an age old question: how to setup ftp server behind monowall.
> I have searched the forum and read the monowall scratchpad. But I still can't get my ftp server to work. I am hoping someone could enlighten me.
> Here is my setup.
> internet ----> monowall ----> switch ----> ftp server
> monowall is
> ftp server is I am using FileZilla on windows XP as some have suggested.
> Here are my monowall config
> Firewall NAT Inbound
> If     proto   Ext. port range   NAT IP   Int. port range   Description
> WAN    TCP     20                         20                ftp server port 20
> WAN    TCP     21                         21                ftp server port 21
> WAN    TCP     55000-61000                55000-61000       ftp server
> Firewall NAT outbound
> Interface        source                Destination        Target            Description
> WAN            *                      ftp server
> Firewall rules
> Proto   Source   Port   Destination   Port          Destination
> TCP     *        *                    21            FTP server 1
> TCP     *        *                    55000-61000   FTP server 2
> I have setup filezilla with passive mode settings
> External server IP address for passive mode transfer -> use the following IP ->
> I have also checked the tick box
> * Don't use external IP for local connections
> * use custom port range: 55000 - 61000
> When I use ftp client to connect to it works. When I use ftp client from external lan to connect to my dynamic IP, it can't find the ftp server. By the way, I am using monowall's dyndns server. Pinging my hostname (eg. hostname.homeunix.net) from the net works.
> I have used Shield-up to check and it reports that port 21 is open.
> I have tried many configurations and still can't get anything to work.
> Please help
> Thank  you.
> Joseph