Eric Higgins said:

> Hey guys, first I gotta say that I love m0n0wall.
>
> We have had some problems with ftp servers however.
>
> Symptom:
> login works fine, but when you try to list, the client complains it
> could not make a data connection.
>
> I was wondering if you are using the ip_conntrack_ftp module for
> iptables?
>
> Just FYI, we are using NAT, and the firewall allows incoming tcp/udp
> for ports 20-21.
>
> We were not using the one-to-one mode, but in doing so, and opening
> some more ports, we were able to resolve the issue.
>
> Just wondering if I can get some thoughts back on this.
>
> Sorry I don't have all the details handy, but I can get them tomorrow
> at work.

Just resolved this issue here. Use 1:1 NAT, not server NAT.

I used these rules for FTP.

Inbound NAT:

  Proto    External port     Target          Internal port     Description
  TCP      20                INTERNAL_IP     20
  TCP      21 (FTP)          INTERNAL_IP     21 (FTP)
  TCP      49152 - 65535     INTERNAL_IP     49152 - 65535     ftp passv
  TCP/UDP  53 (DNS)          192.168.0.20    53 (DNS)

And of course there need to be firewall rules to allow connections on the
WAN to connect to the INTERNAL_IP on those ports.

Hope this helps.

--
Neil Schneider   pacneil_at_linuxgeek_dot_net   http://www.paccomp.com
Key fingerprint = 67F0 E493 FCC0 0A8C 769B 8209 32D7 1DB1 8460 C47D

Fires can't be made with dead embers, nor can enthusiasm be stirred by
spiritless men. Enthusiasm in our daily work lightens effort and turns
even labor into pleasant tasks.
 --James Baldwin
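The failure both posters describe ("login works, LIST fails with no data connection") is what a passive-mode FTP server behind NAT produces when its 227 reply advertises either its private address or a data port the firewall does not forward. The rules above forward TCP 49152-65535 for exactly that reason. The following checker is an added example, not code from the thread or from m0n0wall: it parses an RFC 959 `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` reply, recovers the advertised address and port, and reports whether a client on the WAN side would be able to reach them given the forwarded range. The addresses in the sample replies (203.0.113.10 as the WAN address, 192.168.0.20 as the internal host) and the replies themselves are constructed for the example; the port range 49152-65535 is the one from Neil's NAT table.

```python
import re
from ipaddress import ip_address, ip_network

# Passive data-port range forwarded to the internal FTP server
# (taken from the NAT rules in the post above).
PASV_PORT_RANGE = (49152, 65535)

# RFC 1918 space. Checked explicitly rather than via ipaddress.is_private,
# which also flags documentation ranges such as 203.0.113.0/24.
RFC1918_NETS = [
    ip_network("10.0.0.0/8"),
    ip_network("172.16.0.0/12"),
    ip_network("192.168.0.0/16"),
]

# RFC 959: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply: str):
    """Return (host, port) from a 227 PASV reply; port = p1*256 + p2.

    Raises ValueError for anything that is not a well-formed 227 reply.
    """
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"field out of range in PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def format_pasv(host: str, port: int) -> str:
    """Build the 227 reply a correctly configured server should send."""
    if not 0 < port <= 65535:
        raise ValueError(f"bad port {port}")
    octets = host.split(".")
    return "227 Entering Passive Mode ({},{},{})".format(
        ",".join(octets), port >> 8, port & 0xFF)


def is_rfc1918(host: str) -> bool:
    addr = ip_address(host)
    return any(addr in net for net in RFC1918_NETS)


def check_pasv(reply: str, control_peer: str, port_range=PASV_PORT_RANGE):
    """Return (host, port, problems) for a 227 reply seen by a WAN client.

    control_peer is the address the client opened the control connection
    to, i.e. the WAN address the NAT rules live on. Each string in
    `problems` is a reason the data connection would fail.
    """
    host, port = parse_pasv(reply)
    problems = []

    if is_rfc1918(host):
        # Classic NAT failure: server advertises its LAN address; the client
        # connects to an unroutable address and LIST hangs or fails.
        problems.append(
            f"server advertised private address {host}; "
            "it must advertise the WAN address (masquerade address)")
    elif host != control_peer:
        problems.append(
            f"advertised address {host} differs from control peer "
            f"{control_peer}")

    lo, hi = port_range
    if not lo <= port <= hi:
        # Port is reachable only if the firewall forwards it.
        problems.append(
            f"data port {port} is outside forwarded passive range {lo}-{hi}")

    return host, port, problems


if __name__ == "__main__":
    # Constructed sample replies: one correct, one showing the NAT failure.
    wan = "203.0.113.10"
    for reply in ("227 Entering Passive Mode (203,0,113,10,192,1)",
                  "227 Entering Passive Mode (192,168,0,20,4,1)"):
        host, port, problems = check_pasv(reply, wan)
        print(f"{reply}\n  -> {host}:{port}  {'OK' if not problems else problems}")
```

Run it against a real server with a captured 227 line (e.g. from `ftp -v` or a packet trace) and the WAN address you connected to. If it reports a private address, the server's passive masquerade address is unset; if it reports an out-of-range port, the server's passive port range and the firewall's forwarded range disagree. Both must agree for server NAT to work at all, which is one reason 1:1 NAT, as suggested above, is the easier fix.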