[ previous ] [ next ] [ threads ]
 From:  "Jimmy Bones (Mhottie)" <mhottie at gmail dot com>
 To:  "Kimmo Jaskari" <kimmo dot jaskari at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] FTP server behind monowall
 Date:  Sun, 1 Oct 2006 15:07:57 -0400
I've been ripping my hair out over this also... it seems that IIS has no
option (that I know of yet) to set what external IP to answer with in the
passive answer. The internal server is on a 192.x.x.x address, and has
server nat forwarding port 21 to it.

IIS responds with it's internal ip address in the passive command exchange.

How can you set in IIS via script or registry the external IP addr? I am
either not searching for the right info, or it's just not there.


On 9/10/06, Kimmo Jaskari <kimmo dot jaskari at gmail dot com> wrote:
> On 9/10/06, Christopher M. Iarocci <iarocci at eastendsc dot com> wrote:
> > This server does not work as it should, and it is not because of your
> > firewall, but because of your server config. Your server is clearly
> > passing it's own IP back to the client. It should not be doing that.
> > Your firewall does not do that, the server does. I'm not familiar with
> Quote from the Filezilla server documentation (or faq, don't remember):
> --
> Further you have to allow a port range for incoming connections for
> passive mode transfers. You can specify this port range on the
> "passive mode settings" page in the settings dialog in the server
> interface. In most cases, a range like 5000-5100 is sufficient. With
> certain firewalls, it may be possible that FileZilla can't determinate
> the external IP address. In this case you have to enter the IP address
> (or your host name) on the passive mode page in the settings dialog.
> --
> You are opening a lot of ports needlessly for passive. A hundred would
> be enough for all but very active servers. I use 20 for my home box
> and that's probably overkill.
> You also need to go to the passive mode page in the settings dialog,
> as per the quote above, and enter the external IP or host name of your
> connection there. If you have a dynamic IP and a DynDNS service set
> up, put the DynDNS domain name there.
> You'll need port 21 incoming to forward to the machine with the FTP
> server and you'll need at least port 20/21 outgoing from it open; you
> probably have it all open the way many m0n0wall users do, and that's
> fine.
> --
> -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
> Progress isn't made by early risers. It's made by lazy men trying to
> find easier ways to do something.
>   - Robert Heinlein
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch