 From:  "Jimmy Bones (Mhottie)" <mhottie at gmail dot com>
 To:  "David Kitchens" <spider at webweaver dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] FTP server behind monowall
 Date:  Mon, 2 Oct 2006 00:18:43 -0400
Yes, defining the port range to use for PASV is necessary, and I have done
it... the problem is, IIS responds to PASV with the local machine (192.x.x.x)
address instead of the public one. I think this is behind most of the "IIS
isn't working" posts. In either the registry or the metabase xml file, there
has to be a way to input a public IP address manually, it's just clearly not
documented.

-J

On 10/1/06, David Kitchens <spider at webweaver dot com> wrote:
>
> This MS KB article that Simon gives is the one that I used to get mine
> running. As long as you define the same ports in m0n0wall as you use in IIS
> following this link everything should work properly. Until I found this KB I
> could not make mine work.
>
> Dave
>
> > -----Original Message-----
> > From: Simon Buob [mailto:simon dot buob at lan dot ch]
> > Sent: Sunday, October 01, 2006 4:30 PM
> > To: m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] FTP server behind monowall
> >
> > > I'm not so sure that's configurable on IIS.
> >
> > It is not, as far as I know and according to some newsgroup posts.
> > You can only configure the passive port range
> > http://support.microsoft.com/?scid=kb%3Ben-us%3B555022&x=19&y=12
> > So configure your FTP with a public IP or take another FTP Software.
> >
> > Regards Simon
> >
> >
> >
> > -----Original Message-----
> > From: Bryan K. Brayton [mailto:bryan at sonicburst dot net]
> > Sent: Sunday, October 01, 2006 10:11 PM
> > Cc: m0n0wall at lists dot m0n0 dot ch
> > Subject: RE: [m0n0wall] FTP server behind monowall
> >
> > I'm not so sure that's configurable on IIS.  Every answer
> > I've ever seen to that question is "it's by design, your NAT
> > router should be rewriting FTP PASV responses".
> >
> > Never mind that if you encrypt the ftp data or run your ftp
> > server on non-standard ports, then that approach won't work either.
> >
> > You may want to start looking at other FTP software and
> > forgetting that IIS even has an FTP component.
> >
> > -Bryan
> >
> > ________________________________
> >
> > From: Jimmy Bones (Mhottie) [mailto:mhottie at gmail dot com]
> > Sent: Sun 10/1/2006 3:36 PM
> > To: Chris K Ellsworth
> > Cc: Kimmo Jaskari; m0n0wall at lists dot m0n0 dot ch
> > Subject: Re: [m0n0wall] FTP server behind monowall
> >
> >
> >
> > I've been googling for about an hour... I don't know if my
> > mind is just shot this weekend, or if it's really just that
> > hard to find. It has to be a key to add, since I searched the
> > entire registry also for strings/data and couldn't find anything.
> >
> > If anyone can help this would save me, and from what I see,
> > MANY others a lot of headache.
> >
> > Thanks.
> >
> > On 10/1/06, Chris K Ellsworth <ckellsworth at yahoo dot com> wrote:
> > >
> > > IIRC it's in the registry, you might have to google a little for it.
> > >
> > > On Oct 1, 2006, at 12:07 PM, Jimmy Bones (Mhottie) wrote:
> > >
> > > > I've been ripping my hair out over this also... it seems that IIS
> > > > has no option (that I know of yet) to set what external IP to answer
> > > > with in the passive answer. The internal server is on a 192.x.x.x
> > > > address, and has server nat forwarding port 21 to it.
> > > >
> > > > IIS responds with its internal IP address in the passive command
> > > > exchange.
> > > >
> > > > How can you set in IIS via script or registry the external IP addr?
> > > > I am either not searching for the right info, or it's just not there.
> > > >
> > > > -J
> > > >
> > > > On 9/10/06, Kimmo Jaskari <kimmo dot jaskari at gmail dot com> wrote:
> > > >>
> > > >> On 9/10/06, Christopher M. Iarocci <iarocci at eastendsc dot com> wrote:
> > > >>
> > > > >> > This server does not work as it should, and it is not because of
> > > > >> > your firewall, but because of your server config. Your server is
> > > > >> > clearly passing its own IP back to the client. It should not be
> > > > >> > doing that.
> > > > >> > Your firewall does not do that, the server does. I'm not
> > > > >> > familiar with
> > > >>
> > > >> Quote from the Filezilla server documentation (or faq, don't
> > > >> remember):
> > > >>
> > > >> --
> > > > >> Further you have to allow a port range for incoming connections for
> > > > >> passive mode transfers. You can specify this port range on the
> > > > >> "passive mode settings" page in the settings dialog in the server
> > > > >> interface. In most cases, a range like 5000-5100 is sufficient.
> > > > >> With certain firewalls, it may be possible that FileZilla can't
> > > > >> determine the external IP address. In this case you have to enter
> > > > >> the IP address (or your host name) on the passive mode page in the
> > > > >> settings dialog.
> > > >> --
> > > >>
> > > >> You are opening a lot of ports needlessly for passive. A hundred
> > > >> would be enough for all but very active servers. I use 20 for my
> > > >> home box and that's probably overkill.
> > > >>
> > > > >> You also need to go to the passive mode page in the settings
> > > > >> dialog, as per the quote above, and enter the external IP or host
> > > > >> name of your connection there. If you have a dynamic IP and a
> > > > >> DynDNS service set up, put the DynDNS domain name there.
> > > > >>
> > > > >> You'll need port 21 incoming to forward to the machine with the FTP
> > > > >> server and you'll need at least port 20/21 outgoing from it open;
> > > > >> you probably have it all open the way many m0n0wall users do, and
> > > > >> that's fine.
> > > >>
> > > >> --
> > > >> -{ Kimmo Jaskari }--{ kimmo dot jaskari at gmail dot com }--
> > > >>
> > > > >> Progress isn't made by early risers. It's made by lazy men trying
> > > > >> to find easier ways to do something.
> > > >>   - Robert Heinlein
> > > >>
> > > >>
> > > > >> ---------------------------------------------------------------------
> > > > >> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > > > >> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> > > >>
> > > >>
> > >
> > >
> >
> >
> >
>
>
>
>
>