Re: [m0n0wall] NAT and packet filters for passive-mode FTP

From:	Brian Lloyd <brian dash wb6rqn at lloyd dot com>
To:	Christopher M. Iarocci <iarocci at eastendsc dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] NAT and packet filters for passive-mode FTP
Date:	Tue, 28 Oct 2008 22:49:43 +0000

On Oct 28, 2008, at 9:29 PM, Christopher M. Iarocci wrote:

> Brian Lloyd wrote:
>> I have a host behind m0n0wall/NAT running FTP in passive mode. This  
>> means that the incoming data channel connection must be NATed to  
>> the internal address (this appears to be working) but the IP  
>> address in the passive connection command needs to be rewritten by  
>> the router to the external address rather than the internal  
>> address. Is there a way to get M0nowall to do this?
>>
>> Thanks in advance.
>>
>>
>>
>> Brian Lloyd
>> Granite Bay Montessori School          9330 Sierra College Bl
>> brian AT gbmontessori DOT com          Roseville, CA 95661
>> +1.916.367.2131 (voice)                +1.791.912.8170 (fax)
>>
> That is a function of the FTP server, not the firewall.  Most FTP  
> servers have this very setting just for this application.

Thank you. I have never seen that option in the FTP server but I have  
seen (and used) the rewriting feature for the FTP "port" command in  
routers before which is why I asked the question.

Brian Lloyd
Granite Bay Montessori School          9330 Sierra College Bl
brian AT gbmontessori DOT com          Roseville, CA 95661
+1.916.367.2131 (voice)                +1.791.912.8170 (fax)

PGP key ID:          12095C52A32A1B6C
PGP key fingerprint: 3B1D BA11 4913 3254 B6E0  CC09 1209 5C52 A32A 1B6C