[ previous ] [ next ] [ threads ]
 
 From:  "David Kitchens" <spider at webweaver dot com>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] FTP server behind monowall
 Date:  Sun, 1 Oct 2006 20:06:42 -0400 
This MS KB article that Simon gives is the one that I used to get mine
running. As long as you define the same ports in m0n0wall as you use in IIS
following this link everything should work properly. Until I found this KB I
could not make mine work.

Dave

> -----Original Message-----
> From: Simon Buob [mailto:simon dot buob at lan dot ch] 
> Sent: Sunday, October 01, 2006 4:30 PM
> To: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] FTP server behind monowall
> 
> > I'm not so sure that's configurable on IIS.
> 
> It is not as far i know and regarding to some newsgroup posts..
> you can only configure the passive port range
> http://support.microsoft.com/?scid=kb%3Ben-us%3B555022&x=19&y=12
> So configure your FTP with a public IP or take another FTP Software.
> 
> Regards Simon
> 
> 
> 
> -----Original Message-----
> From: Bryan K. Brayton [mailto:bryan at sonicburst dot net]
> Sent: Sunday, October 01, 2006 10:11 PM
> Cc: m0n0wall at lists dot m0n0 dot ch
> Subject: RE: [m0n0wall] FTP server behind monowall
> 
> I'm not so sure that's configurable on IIS.  Every answer 
> I've ever seen to that question is "it's by design, your NAT 
> router should be rewriting FTP PASV responses".
>  
> Never mind that if you encrypt the ftp data or run your ftp 
> server on non-standard ports, then that approach won't work either.
>  
> You may want to start looking at other FTP software and 
> forgetting that IIS even has an FTP component.
>  
> -Bryan
> 
> ________________________________
> 
> From: Jimmy Bones (Mhottie) [mailto:mhottie at gmail dot com]
> Sent: Sun 10/1/2006 3:36 PM
> To: Chris K Ellsworth
> Cc: Kimmo Jaskari; m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] FTP server behind monowall
> 
> 
> 
> I've been googling for about an hour... I don't know if my 
> mind is just shot this weekend, or if it's really just that 
> hard to find. It has to be a key to add, since I searched the 
> entire registry also for strings/data and couldn't find anything.
> 
> If anyone can help this would save me, and from what I see, 
> MANY others a lot of headache.
> 
> Thanks.
> 
> On 10/1/06, Chris K Ellsworth <ckellsworth at yahoo dot com> wrote:
> >
> > IIRC its in the registry, you might have 2 google alittle for it.
> >
> > On Oct 1, 2006, at 12:07 PM, Jimmy Bones (Mhottie) wrote:
> >
> > > I've been ripping my hair out over this also... it seems that IIS 
> > > has no option (that I know of yet) to set what external 
> IP to answer 
> > > with in the passive answer. The internal server is on a 192.x.x.x 
> > > address, and has server nat forwarding port 21 to it.
> > >
> > > IIS responds with it's internal ip address in the passive command 
> > > exchange.
> > >
> > > How can you set in IIS via script or registry the 
> external IP addr?
> > > I am
> > > either not searching for the right info, or it's just not there.
> > >
> > > -J
> > >
> > > On 9/10/06, Kimmo Jaskari <kimmo dot jaskari at gmail dot com> wrote:
> > >>
> > >> On 9/10/06, Christopher M. Iarocci <iarocci at eastendsc dot com> wrote:
> > >>
> > >> > This server does not work as it should, and it is not 
> because of
> > >> your
> > >> > firewall, but because of your server config. Your server is 
> > >> > clearly passing it's own IP back to the client. It 
> should not be 
> > >> > doing
> > >> that.
> > >> > Your firewall does not do that, the server does. I'm not
> > >> familiar with
> > >>
> > >> Quote from the Filezilla server documentation (or faq, don't
> > >> remember):
> > >>
> > >> --
> > >> Further you have to allow a port range for incoming 
> connections for 
> > >> passive mode transfers. You can specify this port range on the 
> > >> "passive mode settings" page in the settings dialog in 
> the server 
> > >> interface. In most cases, a range like 5000-5100 is sufficient. 
> > >> With certain firewalls, it may be possible that FileZilla can't 
> > >> determinate the external IP address. In this case you 
> have to enter 
> > >> the IP address (or your host name) on the passive mode 
> page in the 
> > >> settings dialog.
> > >> --
> > >>
> > >> You are opening a lot of ports needlessly for passive. A hundred 
> > >> would be enough for all but very active servers. I use 20 for my 
> > >> home box and that's probably overkill.
> > >>
> > >> You also need to go to the passive mode page in the settings 
> > >> dialog, as per the quote above, and enter the external 
> IP or host 
> > >> name of your connection there. If you have a dynamic IP and a 
> > >> DynDNS service set up, put the DynDNS domain name there.
> > >>
> > >> You'll need port 21 incoming to forward to the machine 
> with the FTP 
> > >> server and you'll need at least port 20/21 outgoing from 
> it open; 
> > >> you probably have it all open the way many m0n0wall 
> users do, and 
> > >> that's fine.
> > >>
> > >> --
> > >> -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
> > >>
> > >> Progress isn't made by early risers. It's made by lazy 
> men trying 
> > >> to find easier ways to do something.
> > >>   - Robert Heinlein
> > >>
> > >> 
> -------------------------------------------------------------------
> > >> -- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > >> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > >>
> > >>
> >
> >
> 
> 
>