 From:  Fred Wright <fw at well dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] ftp and per port
 Date:  Sun, 12 Sep 2004 15:36:12 -0700 (PDT)
On Fri, 3 Sep 2004, Chris Bagnall wrote:

> If your server is behind NAT then you can solve it by telling your FTP
> server to use a much smaller port range to use for PASV connections. I
> usually use something in the 439xx range.  You'll need 1 port for each
> concurrent session, so if you want to allow 100 users, set your PASV range
> to 43900 - 44000. You'll need to port forward that port range, and port 21
> to your FTP server box, and hopefully all should work fine.

It's not one port per session, it's one per file (including directory
listings) transferred within the time allowed for reusing ports (the
duration of the TCP TIME_WAIT state).  Getting skimpy with the port range
can get you in trouble, even with a small number of users.

					Fred Wright
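The sizing rule Fred describes, as an added example that is not part of this thread: a small Python simulation of a passive-mode data-port pool in which every listing or file transfer consumes one port from the PASV range and that port cannot be reused until TIME_WAIT has elapsed after the transfer ends. The TIME_WAIT length, the transfer durations and the 100-session workload are assumed values chosen to show where the 43900-44000 range in the quoted advice runs out.

```python
import heapq

# Assumed TIME_WAIT length in seconds; real stacks use roughly 60 s to 240 s.
TIME_WAIT = 60.0


class PasvPortPool:
    """Tracks which ports in a PASV range are usable now and which are cooling off."""

    def __init__(self, low, high):
        self.free = list(range(low, high + 1))   # ports usable right now
        self.cooling = []                        # min-heap of (reusable_at, port)

    def _reclaim(self, now):
        # Move ports whose TIME_WAIT has expired back into the free list.
        while self.cooling and self.cooling[0][0] <= now:
            self.free.append(heapq.heappop(self.cooling)[1])

    def allocate(self, now):
        """Return a data port for a new transfer, or None if the range is exhausted."""
        self._reclaim(now)
        return self.free.pop() if self.free else None

    def release(self, port, now):
        """Transfer finished: the port stays unusable for TIME_WAIT seconds."""
        heapq.heappush(self.cooling, (now + TIME_WAIT, port))


def simulate(low, high, sessions, transfers_per_session, transfer_secs):
    """Run `sessions` concurrent clients that each do back-to-back transfers.

    Returns the number of transfers that could not get a PASV port.
    """
    pool = PasvPortPool(low, high)
    failures = 0
    for i in range(transfers_per_session):
        now = i * transfer_secs                 # all sessions start a transfer together
        in_use = []
        for _ in range(sessions):
            port = pool.allocate(now)
            if port is None:
                failures += 1
            else:
                in_use.append(port)
        for port in in_use:
            pool.release(port, now + transfer_secs)
    return failures


if __name__ == "__main__":
    # 101 ports for 100 users doing five 2-second transfers each: the second
    # round already fails, because the first round's ports are still in TIME_WAIT.
    print(simulate(43900, 44000, 100, 5, 2.0))   # 399 failed transfers
    # Even one user listing and fetching 150 small files exhausts the same range.
    print(simulate(43900, 44000, 1, 150, 0.1))   # 49 failed transfers
```

The required range is roughly the transfer rate across all users multiplied by the TIME_WAIT length, so the simulation is a quick way to test a candidate range against the expected workload before forwarding it through the firewall.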