[ previous ] [ next ] [ threads ]
 From:  "Christopher M. Iarocci" <iarocci at eastendsc dot com>
 To:  Brian Lloyd <brian dash wb6rqn at lloyd dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] NAT and packet filters for passive-mode FTP
 Date:  Wed, 29 Oct 2008 06:39:00 -0400
Brian Lloyd wrote:
> On Oct 28, 2008, at 9:29 PM, Christopher M. Iarocci wrote:
>> Brian Lloyd wrote:
>>> I have a host behind m0n0wall/NAT running FTP in passive mode. This 
>>> means that the incoming data channel connection must be NATed to the 
>>> internal address (this appears to be working) but the IP address in 
>>> the passive connection command needs to be rewritten by the router 
>>> to the external address rather than the internal address. Is there a 
>>> way to get M0nowall to do this?
>>> Thanks in advance.
>>> Brian Lloyd
>>> Granite Bay Montessori School          9330 Sierra College Bl
>>> brian AT gbmontessori DOT com          Roseville, CA 95661
>>> +1.916.367.2131 (voice)                +1.791.912.8170 (fax)
>> That is a function of the FTP server, not the firewall.  Most FTP 
>> servers have this very setting just for this application.
> Thank you. I have never seen that option in the FTP server but I have 
> seen (and used) the rewriting feature for the FTP "port" command in 
> routers before which is why I asked the question.
If you let us know which FTP server you're using, one of us might be 
able to point you in the direction of the setting I referred to.