[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: Not another IPF, FTP, and NAT question!@#$%
From:       Barry Callahan <barryc () rjlsystems ! com>
Date:       2003-01-30 2:59:37
[Download RAW message or body]

ProFTPD also lets you masquerade as a different (nat'ed) address.

David S. wrote:
>>Sorry everyone, I know this has been beaten to death, but I still can't
>>get both passive and active ftp working with my FTP server behind a NAT
>>gateway.
>>
>>I tried what was suggested at this posting in the archives:
>>http://false.net/ipfilter/2001_07/0222.html
>>
>>This did not work for me.  Only Active FTP is working, passive fails.
>>
>>Here is a snippet of a SmartFTP client log:
>>[snipped the beginning logon sequence]
>>...
>>200 Type set to A.
>>    PASV
>>227 Entering Passive Mode (10,0,0,10,193,98)
>>    Opening data connection IP: 10.0.0.10 PORT: 49506.
>>    A connection attempt failed because the connected party did not
>>properly respond after a period of time, or established connection
>>failed because connected host has failed to respond.
>>
>>
>>I thought with my above rules that the client would get back the
>>external IP address, but instead it gets 10.0.0.10.  Any ideas?
> 
> 
> Try another FTP server, like 'vsftpd' or 'pureftpd', that can be 
> configured to return an IP address other than that of its host.
> You also probably need to open a high port range, and configure
> the FTP server to use that port range, for passive connections.
> Again, that's possible with 'vsftpd', 'pureftpd', and some others.
> 
> David S.
> 
> 
>>
>>



[prev in list] [next in list] [prev in thread] [next in thread]