We have a M0N0wall as a firewall with a Windows FTP server on the DMZ.
The firewall is in Bridge mode, all traffic is allowed from the DMZ to
the WAN. The WAN interface has rules set up for the different ports -
all works well.

Where I have a problem is with FTP. If I open port 21 incoming and
1024-50000 outgoing I can get FTP to work in Passive mode as long as the
client connecting to it (from the WAN interface) is not behind a NAT
router. Also, this setup forces me to open a lot of ports, disabling a
very large part of the security provided by the firewall.

I could not get Active mode to work (tried opening port 20) at all. A
proxy would probably work here, but as far as I know it is not

NAT is not set up on the M0n0wall machine (we have a router doing that
work), and we are currently running version pb20r555,
built on Mon Nov 24 19:23:59 CET 2003.