On Tue, 26 Aug 2003, Binitim Dimais (Yahoo) wrote:
> Thank you again. Well, I did enable 'enhanced nat' and deleted all Inbound
> and 1:1 NAT configurations as well as any auto-created firewall-rule as a
> result of NAT. Then I created a mapping in the outbound section in order to
> allow internet connectivity inside my lan and added a firewall rule as
> proto: TCP
> source: *
> destination: 192.168.1.198 (ip number of pc running ftp service inside my
> port: 21 (ftp)
Can't connect at all, or can't do anything involving a data connection?
If you use passive mode FTP, the entire block of ephemeral ports
potentially used by the server would need to be allowed (which isn't
especially abd, but it's not the default). Active mode would get around
this, but could present problems at the client end if it has a firewall
and/or NAT. Some NAT implementations have a special "FTP hack" to get
around this. OpenBSD uses a transparent application proxy.