[ previous ] [ next ] [ threads ]
 
 From:  "Ron Carter" <wcarterjr at earthlink dot net>
 To:  "David Kitchens" <spider at webweaver dot com>, <m0n0wall at lists dot m0n0 dot ch>
 Subject:  Re: [m0n0wall] FTP server behind monowall
 Date:  Sun, 1 Oct 2006 23:45:24 -0400
Just to put my two cents worth in on this topic.  I have test quite a few 
different FTP services.  All work about the same.  However I have found that 
Cerberus FTP works the best.  It is the only one that get around the 
firewall that they have at my place of employment.  As well it has the least 
issues and works well with all firewall that I have run behind.  It is easy 
to use and runs on xp, 2000, 2003.  It is one of the best applications that 
I have used for this purpose.

I do not know how many I tested but I tried, Soliarus 9,10, MS iis 5/6, reb 
hat two different verisons on sun and a vitrual PC but have always gone back 
to Cerberus.  I guess from a stand point of easy of use and it's feastues I 
just have run into no reason to find anything that works better.  I do have 
it set up for a friends that uses it to manage 10 different web sites for 
customers and we do not have any issues at all.  In fact it is faster and 
more secure than MS realeases.

Overall It is one of the best applications that I have and serveral people I 
know are now using based on the recommendations that I have given.
RC
----- Original Message ----- 
From: "David Kitchens" <spider at webweaver dot com>
To: <m0n0wall at lists dot m0n0 dot ch>
Sent: Sunday, October 01, 2006 8:06 PM
Subject: RE: [m0n0wall] FTP server behind monowall


> This MS KB article that Simon gives is the one that I used to get mine
> running. As long as you define the same ports in m0n0wall as you use in 
> IIS
> following this link everything should work properly. Until I found this KB 
> I
> could not make mine work.
>
> Dave
>
>> -----Original Message-----
>> From: Simon Buob [mailto:simon dot buob at lan dot ch]
>> Sent: Sunday, October 01, 2006 4:30 PM
>> To: m0n0wall at lists dot m0n0 dot ch
>> Subject: RE: [m0n0wall] FTP server behind monowall
>>
>> > I'm not so sure that's configurable on IIS.
>>
>> It is not as far i know and regarding to some newsgroup posts..
>> you can only configure the passive port range
>> http://support.microsoft.com/?scid=kb%3Ben-us%3B555022&x=19&y=12
>> So configure your FTP with a public IP or take another FTP Software.
>>
>> Regards Simon
>>
>>
>>
>> -----Original Message-----
>> From: Bryan K. Brayton [mailto:bryan at sonicburst dot net]
>> Sent: Sunday, October 01, 2006 10:11 PM
>> Cc: m0n0wall at lists dot m0n0 dot ch
>> Subject: RE: [m0n0wall] FTP server behind monowall
>>
>> I'm not so sure that's configurable on IIS.  Every answer
>> I've ever seen to that question is "it's by design, your NAT
>> router should be rewriting FTP PASV responses".
>>
>> Never mind that if you encrypt the ftp data or run your ftp
>> server on non-standard ports, then that approach won't work either.
>>
>> You may want to start looking at other FTP software and
>> forgetting that IIS even has an FTP component.
>>
>> -Bryan
>>
>> ________________________________
>>
>> From: Jimmy Bones (Mhottie) [mailto:mhottie at gmail dot com]
>> Sent: Sun 10/1/2006 3:36 PM
>> To: Chris K Ellsworth
>> Cc: Kimmo Jaskari; m0n0wall at lists dot m0n0 dot ch
>> Subject: Re: [m0n0wall] FTP server behind monowall
>>
>>
>>
>> I've been googling for about an hour... I don't know if my
>> mind is just shot this weekend, or if it's really just that
>> hard to find. It has to be a key to add, since I searched the
>> entire registry also for strings/data and couldn't find anything.
>>
>> If anyone can help this would save me, and from what I see,
>> MANY others a lot of headache.
>>
>> Thanks.
>>
>> On 10/1/06, Chris K Ellsworth <ckellsworth at yahoo dot com> wrote:
>> >
>> > IIRC its in the registry, you might have 2 google alittle for it.
>> >
>> > On Oct 1, 2006, at 12:07 PM, Jimmy Bones (Mhottie) wrote:
>> >
>> > > I've been ripping my hair out over this also... it seems that IIS
>> > > has no option (that I know of yet) to set what external
>> IP to answer
>> > > with in the passive answer. The internal server is on a 192.x.x.x
>> > > address, and has server nat forwarding port 21 to it.
>> > >
>> > > IIS responds with it's internal ip address in the passive command
>> > > exchange.
>> > >
>> > > How can you set in IIS via script or registry the
>> external IP addr?
>> > > I am
>> > > either not searching for the right info, or it's just not there.
>> > >
>> > > -J
>> > >
>> > > On 9/10/06, Kimmo Jaskari <kimmo dot jaskari at gmail dot com> wrote:
>> > >>
>> > >> On 9/10/06, Christopher M. Iarocci <iarocci at eastendsc dot com> wrote:
>> > >>
>> > >> > This server does not work as it should, and it is not
>> because of
>> > >> your
>> > >> > firewall, but because of your server config. Your server is
>> > >> > clearly passing it's own IP back to the client. It
>> should not be
>> > >> > doing
>> > >> that.
>> > >> > Your firewall does not do that, the server does. I'm not
>> > >> familiar with
>> > >>
>> > >> Quote from the Filezilla server documentation (or faq, don't
>> > >> remember):
>> > >>
>> > >> --
>> > >> Further you have to allow a port range for incoming
>> connections for
>> > >> passive mode transfers. You can specify this port range on the
>> > >> "passive mode settings" page in the settings dialog in
>> the server
>> > >> interface. In most cases, a range like 5000-5100 is sufficient.
>> > >> With certain firewalls, it may be possible that FileZilla can't
>> > >> determinate the external IP address. In this case you
>> have to enter
>> > >> the IP address (or your host name) on the passive mode
>> page in the
>> > >> settings dialog.
>> > >> --
>> > >>
>> > >> You are opening a lot of ports needlessly for passive. A hundred
>> > >> would be enough for all but very active servers. I use 20 for my
>> > >> home box and that's probably overkill.
>> > >>
>> > >> You also need to go to the passive mode page in the settings
>> > >> dialog, as per the quote above, and enter the external
>> IP or host
>> > >> name of your connection there. If you have a dynamic IP and a
>> > >> DynDNS service set up, put the DynDNS domain name there.
>> > >>
>> > >> You'll need port 21 incoming to forward to the machine
>> with the FTP
>> > >> server and you'll need at least port 20/21 outgoing from
>> it open;
>> > >> you probably have it all open the way many m0n0wall
>> users do, and
>> > >> that's fine.
>> > >>
>> > >> --
>> > >> -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
>> > >>
>> > >> Progress isn't made by early risers. It's made by lazy
>> men trying
>> > >> to find easier ways to do something.
>> > >>   - Robert Heinlein
>> > >>
>> > >>
>> -------------------------------------------------------------------
>> > >> -- To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
>> > >> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>> > >>
>> > >>
>> >
>> >
>>
>>
>>
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>