Re: [m0n0wall] NAT and packet filters for passive-mode FTP

From:	"Christopher M. Iarocci" <iarocci at eastendsc dot com>
To:	Brian Lloyd <brian dash wb6rqn at lloyd dot com>
Cc:	m0n0wall at lists dot m0n0 dot ch
Subject:	Re: [m0n0wall] NAT and packet filters for passive-mode FTP
Date:	Wed, 29 Oct 2008 06:39:00 -0400

Brian Lloyd wrote:
>
> On Oct 28, 2008, at 9:29 PM, Christopher M. Iarocci wrote:
>
>> Brian Lloyd wrote:
>>> I have a host behind m0n0wall/NAT running FTP in passive mode. This 
>>> means that the incoming data channel connection must be NATed to the 
>>> internal address (this appears to be working) but the IP address in 
>>> the passive connection command needs to be rewritten by the router 
>>> to the external address rather than the internal address. Is there a 
>>> way to get M0nowall to do this?
>>>
>>> Thanks in advance.
>>>
>>>
>>>
>>> Brian Lloyd
>>> Granite Bay Montessori School          9330 Sierra College Bl
>>> brian AT gbmontessori DOT com          Roseville, CA 95661
>>> +1.916.367.2131 (voice)                +1.791.912.8170 (fax)
>>>
>> That is a function of the FTP server, not the firewall.  Most FTP 
>> servers have this very setting just for this application.
>
> Thank you. I have never seen that option in the FTP server but I have 
> seen (and used) the rewriting feature for the FTP "port" command in 
> routers before which is why I asked the question.
If you let us know which FTP server you're using, one of us might be 
able to point you in the direction of the setting I referred to.