[ previous ] [ next ] [ threads ]
 
 From:  "Simon Buob" <simon dot buob at lan dot ch>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] FTP server behind monowall
 Date:  Sun, 1 Oct 2006 22:30:28 +0200
> I'm not so sure that's configurable on IIS.

It is not as far i know and regarding to some newsgroup posts..
you can only configure the passive port range
http://support.microsoft.com/?scid=kb%3Ben-us%3B555022&x=19&y=12
So configure your FTP with a public IP or take another FTP Software.

Regards Simon



-----Original Message-----
From: Bryan K. Brayton [mailto:bryan at sonicburst dot net] 
Sent: Sunday, October 01, 2006 10:11 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: RE: [m0n0wall] FTP server behind monowall

I'm not so sure that's configurable on IIS.  Every answer I've ever seen to
that question is "it's by design, your NAT router should be rewriting FTP
PASV responses".
 
Never mind that if you encrypt the ftp data or run your ftp server on
non-standard ports, then that approach won't work either.
 
You may want to start looking at other FTP software and forgetting that IIS
even has an FTP component.
 
-Bryan

________________________________

From: Jimmy Bones (Mhottie) [mailto:mhottie at gmail dot com]
Sent: Sun 10/1/2006 3:36 PM
To: Chris K Ellsworth
Cc: Kimmo Jaskari; m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] FTP server behind monowall



I've been googling for about an hour... I don't know if my mind is just shot
this weekend, or if it's really just that hard to find. It has to be a key
to add, since I searched the entire registry also for strings/data and
couldn't find anything.

If anyone can help this would save me, and from what I see, MANY others a
lot of headache.

Thanks.

On 10/1/06, Chris K Ellsworth <ckellsworth at yahoo dot com> wrote:
>
> IIRC its in the registry, you might have 2 google alittle for it.
>
> On Oct 1, 2006, at 12:07 PM, Jimmy Bones (Mhottie) wrote:
>
> > I've been ripping my hair out over this also... it seems that IIS
> > has no
> > option (that I know of yet) to set what external IP to answer with
> > in the
> > passive answer. The internal server is on a 192.x.x.x address, and has
> > server nat forwarding port 21 to it.
> >
> > IIS responds with it's internal ip address in the passive command
> > exchange.
> >
> > How can you set in IIS via script or registry the external IP addr?
> > I am
> > either not searching for the right info, or it's just not there.
> >
> > -J
> >
> > On 9/10/06, Kimmo Jaskari <kimmo dot jaskari at gmail dot com> wrote:
> >>
> >> On 9/10/06, Christopher M. Iarocci <iarocci at eastendsc dot com> wrote:
> >>
> >> > This server does not work as it should, and it is not because of
> >> your
> >> > firewall, but because of your server config. Your server is clearly
> >> > passing it's own IP back to the client. It should not be doing
> >> that.
> >> > Your firewall does not do that, the server does. I'm not
> >> familiar with
> >>
> >> Quote from the Filezilla server documentation (or faq, don't
> >> remember):
> >>
> >> --
> >> Further you have to allow a port range for incoming connections for
> >> passive mode transfers. You can specify this port range on the
> >> "passive mode settings" page in the settings dialog in the server
> >> interface. In most cases, a range like 5000-5100 is sufficient. With
> >> certain firewalls, it may be possible that FileZilla can't
> >> determinate
> >> the external IP address. In this case you have to enter the IP
> >> address
> >> (or your host name) on the passive mode page in the settings dialog.
> >> --
> >>
> >> You are opening a lot of ports needlessly for passive. A hundred
> >> would
> >> be enough for all but very active servers. I use 20 for my home box
> >> and that's probably overkill.
> >>
> >> You also need to go to the passive mode page in the settings dialog,
> >> as per the quote above, and enter the external IP or host name of
> >> your
> >> connection there. If you have a dynamic IP and a DynDNS service set
> >> up, put the DynDNS domain name there.
> >>
> >> You'll need port 21 incoming to forward to the machine with the FTP
> >> server and you'll need at least port 20/21 outgoing from it open; you
> >> probably have it all open the way many m0n0wall users do, and that's
> >> fine.
> >>
> >> --
> >> -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
> >>
> >> Progress isn't made by early risers. It's made by lazy men trying to
> >> find easier ways to do something.
> >>   - Robert Heinlein
> >>
> >> ---------------------------------------------------------------------
> >> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>
> >>
>
>
smime.p7s (4.1 KB, application/x-pkcs7-signature)