[ previous ] [ next ] [ threads ]
 
 From:  Chris K Ellsworth <ckellsworth at yahoo dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] FTP server behind monowall
 Date:  Sun, 1 Oct 2006 13:29:01 -0700
i have found the same answers. allways leave it to microsoft to  
descide to leave something out.

checkout filezilla.sf.net  is a nice ftp server and client.

chris

On Oct 1, 2006, at 1:11 PM, Bryan K. Brayton wrote:

> I'm not so sure that's configurable on IIS.  Every answer I've ever  
> seen to that question is "it's by design, your NAT router should be  
> rewriting FTP PASV responses".
>
> Never mind that if you encrypt the ftp data or run your ftp server  
> on non-standard ports, then that approach won't work either.
>
> You may want to start looking at other FTP software and forgetting  
> that IIS even has an FTP component.
>
> -Bryan
>
> ________________________________
>
> From: Jimmy Bones (Mhottie) [mailto:mhottie at gmail dot com]
> Sent: Sun 10/1/2006 3:36 PM
> To: Chris K Ellsworth
> Cc: Kimmo Jaskari; m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] FTP server behind monowall
>
>
>
> I've been googling for about an hour... I don't know if my mind is  
> just shot
> this weekend, or if it's really just that hard to find. It has to  
> be a key
> to add, since I searched the entire registry also for strings/data and
> couldn't find anything.
>
> If anyone can help this would save me, and from what I see, MANY  
> others a
> lot of headache.
>
> Thanks.
>
> On 10/1/06, Chris K Ellsworth <ckellsworth at yahoo dot com> wrote:
>>
>> IIRC its in the registry, you might have 2 google alittle for it.
>>
>> On Oct 1, 2006, at 12:07 PM, Jimmy Bones (Mhottie) wrote:
>>
>>> I've been ripping my hair out over this also... it seems that IIS
>>> has no
>>> option (that I know of yet) to set what external IP to answer with
>>> in the
>>> passive answer. The internal server is on a 192.x.x.x address,  
>>> and has
>>> server nat forwarding port 21 to it.
>>>
>>> IIS responds with it's internal ip address in the passive command
>>> exchange.
>>>
>>> How can you set in IIS via script or registry the external IP addr?
>>> I am
>>> either not searching for the right info, or it's just not there.
>>>
>>> -J
>>>
>>> On 9/10/06, Kimmo Jaskari <kimmo dot jaskari at gmail dot com> wrote:
>>>>
>>>> On 9/10/06, Christopher M. Iarocci <iarocci at eastendsc dot com> wrote:
>>>>
>>>>> This server does not work as it should, and it is not because of
>>>> your
>>>>> firewall, but because of your server config. Your server is  
>>>>> clearly
>>>>> passing it's own IP back to the client. It should not be doing
>>>> that.
>>>>> Your firewall does not do that, the server does. I'm not
>>>> familiar with
>>>>
>>>> Quote from the Filezilla server documentation (or faq, don't
>>>> remember):
>>>>
>>>> --
>>>> Further you have to allow a port range for incoming connections for
>>>> passive mode transfers. You can specify this port range on the
>>>> "passive mode settings" page in the settings dialog in the server
>>>> interface. In most cases, a range like 5000-5100 is sufficient.  
>>>> With
>>>> certain firewalls, it may be possible that FileZilla can't
>>>> determinate
>>>> the external IP address. In this case you have to enter the IP
>>>> address
>>>> (or your host name) on the passive mode page in the settings  
>>>> dialog.
>>>> --
>>>>
>>>> You are opening a lot of ports needlessly for passive. A hundred
>>>> would
>>>> be enough for all but very active servers. I use 20 for my home box
>>>> and that's probably overkill.
>>>>
>>>> You also need to go to the passive mode page in the settings  
>>>> dialog,
>>>> as per the quote above, and enter the external IP or host name of
>>>> your
>>>> connection there. If you have a dynamic IP and a DynDNS service set
>>>> up, put the DynDNS domain name there.
>>>>
>>>> You'll need port 21 incoming to forward to the machine with the FTP
>>>> server and you'll need at least port 20/21 outgoing from it  
>>>> open; you
>>>> probably have it all open the way many m0n0wall users do, and  
>>>> that's
>>>> fine.
>>>>
>>>> --
>>>> -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
>>>>
>>>> Progress isn't made by early risers. It's made by lazy men  
>>>> trying to
>>>> find easier ways to do something.
>>>>   - Robert Heinlein
>>>>
>>>> ------------------------------------------------------------------- 
>>>> --
>>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>>>>
>>>>
>>
>>
>
>