 From:  "Kimmo Jaskari" <kimmo dot jaskari at gmail dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] FTP server behind monowall
 Date:  Sun, 10 Sep 2006 23:49:31 +0300
On 9/10/06, Christopher M. Iarocci <iarocci at eastendsc dot com> wrote:

> This server does not work as it should, and it is not because of your
> firewall, but because of your server config. Your server is clearly
> passing its own IP back to the client. It should not be doing that.
> Your firewall does not do that, the server does. I'm not familiar with

Quote from the Filezilla server documentation (or faq, don't remember):

Further you have to allow a port range for incoming connections for
passive mode transfers. You can specify this port range on the
"passive mode settings" page in the settings dialog in the server
interface. In most cases, a range like 5000-5100 is sufficient. With
certain firewalls, it may be possible that FileZilla can't determine
the external IP address. In this case you have to enter the IP address
(or your host name) on the passive mode page in the settings dialog.

You are opening a lot of ports needlessly for passive. A hundred would
be enough for all but very active servers. I use 20 for my home box
and that's probably overkill.

You also need to go to the passive mode page in the settings dialog,
as per the quote above, and enter the external IP or host name of your
connection there. If you have a dynamic IP and a DynDNS service set
up, put the DynDNS domain name there.

You'll need port 21 incoming to forward to the machine with the FTP
server and you'll need at least port 20/21 outgoing from it open; you
probably have it all open the way many m0n0wall users do, and that's

-{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--

Progress isn't made by early risers. It's made by lazy men trying to
find easier ways to do something.
  - Robert Heinlein