[ previous ] [ next ] [ threads ]
 From:  "Chris Bagnall" <m0n0wall at minotaur dot cc>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] ftp and per port
 Date:  Fri, 3 Sep 2004 10:58:30 +0100
> > login works fine, but when you try to list, the client complains it 
> > could not make a data connection.

I'm not sure if the problem you describe is when *you* connect to an FTP
server from behind NAT, or that your FTP server is behind NAT?

If the former, you should be able to resolve this issue by switching your
FTP client into PASV mode.

If your server is behind NAT then you can solve it by telling your FTP
server to use a much smaller port range to use for PASV connections. I
usually use something in the 439xx range.  You'll need 1 port for each
concurrent session, so if you want to allow 100 users, set your PASV range
to 43900 - 44000. You'll need to port forward that port range, and port 21
to your FTP server box, and hopefully all should work fine.

> > I was wondering if you  are using the ip_conntrack_ftp module for 
> > iptables?

M0n0wall is FreeBSD-based, so iptables isn't involved at all. I'll have to
defer to someone with more *BSD knowledge on whether a similar module exists
for *BSD.


C.M. Bagnall, Partner, Minotaur
Tel: (07010) 710715   Mobile: (07811) 332969
ICQ: 13350579   AIM: MinotaurUK   MSN: minotauruk at hotmail dot com   Y!:
This email is made from 100% recycled electrons