[ previous ] [ next ] [ threads ]
 From:  Manuel Kasper <mk at neon1 dot net>
 To:  Paul Hormis <phormis at blur dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Another weird FTP problem...
 Date:  Sun, 21 Sep 2003 10:20:39 +0200 (CEST)
On Sat, 20 Sep 2003, Paul Hormis wrote:

> I can connect no problem from within my LAN with either a browser or an
> FTP client.
> As soon as I try from work (outside my LAN) I have permission problems.

Probably the classical passive-mode-FTP-server-behind-NAT problem. Try
setting your FTP client(s) for active mode FTP. Unfortunately, ipfilter
does not provide an FTP proxy for incoming connections, only for outgoing,
so it's really difficult to run a passive mode FTP server behind NAT.
Active mode has the downside that some firewalls don't handle it properly
(in active mode, the server establishes a connection to the client for
data transfers, and the firewall needs to install a temporary rule to
permit that inbound connection. m0n0wall does that, but only for outbound