[ previous ] [ next ] [ threads ]
 
 From:  "Jimmy Bones (Mhottie)" <mhottie at gmail dot com>
 To:  "Chris K Ellsworth" <ckellsworth at yahoo dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] FTP server behind monowall
 Date:  Sun, 1 Oct 2006 17:31:55 -0400
Will FZ work with windows authentication? I don't want to maintain two
seperate users lists, etc.

My question would also be, though, then why isn't m0n0 re-writing the PASV
addr?

-J

On 10/1/06, Chris K Ellsworth <ckellsworth at yahoo dot com> wrote:
>
> i have found the same answers. allways leave it to microsoft to
> descide to leave something out.
>
> checkout filezilla.sf.net  is a nice ftp server and client.
>
> chris
>
> On Oct 1, 2006, at 1:11 PM, Bryan K. Brayton wrote:
>
> > I'm not so sure that's configurable on IIS.  Every answer I've ever
> > seen to that question is "it's by design, your NAT router should be
> > rewriting FTP PASV responses".
> >
> > Never mind that if you encrypt the ftp data or run your ftp server
> > on non-standard ports, then that approach won't work either.
> >
> > You may want to start looking at other FTP software and forgetting
> > that IIS even has an FTP component.
> >
> > -Bryan
> >
> > ________________________________
> >
> > From: Jimmy Bones (Mhottie) [mailto:mhottie at gmail dot com]
> > Sent: Sun 10/1/2006 3:36 PM
> > To: Chris K Ellsworth
> > Cc: Kimmo Jaskari; m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] FTP server behind monowall
> >
> >
> >
> > I've been googling for about an hour... I don't know if my mind is
> > just shot
> > this weekend, or if it's really just that hard to find. It has to
> > be a key
> > to add, since I searched the entire registry also for strings/data and
> > couldn't find anything.
> >
> > If anyone can help this would save me, and from what I see, MANY
> > others a
> > lot of headache.
> >
> > Thanks.
> >
> > On 10/1/06, Chris K Ellsworth <ckellsworth at yahoo dot com> wrote:
> >>
> >> IIRC its in the registry, you might have 2 google alittle for it.
> >>
> >> On Oct 1, 2006, at 12:07 PM, Jimmy Bones (Mhottie) wrote:
> >>
> >>> I've been ripping my hair out over this also... it seems that IIS
> >>> has no
> >>> option (that I know of yet) to set what external IP to answer with
> >>> in the
> >>> passive answer. The internal server is on a 192.x.x.x address,
> >>> and has
> >>> server nat forwarding port 21 to it.
> >>>
> >>> IIS responds with it's internal ip address in the passive command
> >>> exchange.
> >>>
> >>> How can you set in IIS via script or registry the external IP addr?
> >>> I am
> >>> either not searching for the right info, or it's just not there.
> >>>
> >>> -J
> >>>
> >>> On 9/10/06, Kimmo Jaskari <kimmo dot jaskari at gmail dot com> wrote:
> >>>>
> >>>> On 9/10/06, Christopher M. Iarocci <iarocci at eastendsc dot com> wrote:
> >>>>
> >>>>> This server does not work as it should, and it is not because of
> >>>> your
> >>>>> firewall, but because of your server config. Your server is
> >>>>> clearly
> >>>>> passing it's own IP back to the client. It should not be doing
> >>>> that.
> >>>>> Your firewall does not do that, the server does. I'm not
> >>>> familiar with
> >>>>
> >>>> Quote from the Filezilla server documentation (or faq, don't
> >>>> remember):
> >>>>
> >>>> --
> >>>> Further you have to allow a port range for incoming connections for
> >>>> passive mode transfers. You can specify this port range on the
> >>>> "passive mode settings" page in the settings dialog in the server
> >>>> interface. In most cases, a range like 5000-5100 is sufficient.
> >>>> With
> >>>> certain firewalls, it may be possible that FileZilla can't
> >>>> determinate
> >>>> the external IP address. In this case you have to enter the IP
> >>>> address
> >>>> (or your host name) on the passive mode page in the settings
> >>>> dialog.
> >>>> --
> >>>>
> >>>> You are opening a lot of ports needlessly for passive. A hundred
> >>>> would
> >>>> be enough for all but very active servers. I use 20 for my home box
> >>>> and that's probably overkill.
> >>>>
> >>>> You also need to go to the passive mode page in the settings
> >>>> dialog,
> >>>> as per the quote above, and enter the external IP or host name of
> >>>> your
> >>>> connection there. If you have a dynamic IP and a DynDNS service set
> >>>> up, put the DynDNS domain name there.
> >>>>
> >>>> You'll need port 21 incoming to forward to the machine with the FTP
> >>>> server and you'll need at least port 20/21 outgoing from it
> >>>> open; you
> >>>> probably have it all open the way many m0n0wall users do, and
> >>>> that's
> >>>> fine.
> >>>>
> >>>> --
> >>>> -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
> >>>>
> >>>> Progress isn't made by early risers. It's made by lazy men
> >>>> trying to
> >>>> find easier ways to do something.
> >>>>   - Robert Heinlein
> >>>>
> >>>> -------------------------------------------------------------------
> >>>> --
> >>>> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> >>>> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >>>>
> >>>>
> >>
> >>
> >
> >
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>