Active-mode FTP routing question

Adam McLaurin adam.mclaurin at gmx.net
Sat Oct 4 09:51:04 PDT 2003


Let me start off by mentioning that I do understand the FTP protocol quite well,
so we can keep replies focused on firewall/routing issues, instead of
re-explaining how FTP works.

Second, for my software: My firewall/router is running on FreeBSD
5.1-RELEASE-p8 with ipfilter/ipnat.

Here's the problem. One of the FTP servers that I visit frequently does not
run on port 21. As such, I cannot use 'proxy port ftp' in ipnat to punch a hole
for the returning active mode data connection (at least, I don't see any way
to use it).

I have two machines running behind my router, one running Windows 2000 with
FlashFXP, the other FreeBSD 5.1-R with lftp. 

Now, lftp has an option 'ftp:port-range' to restrict the active mode ports to a
specific range. However, NAT seems to translate this port, because the PORT
command received by the server is NOT within the specified range.

Of course, if the remote FTP admin had passive mode working, this wouldn't be
any issue. However, I've been fighting with the guy for about 2 months, and he
simply won't do it.

So, the question is, how do I set up my ipfilter/ipnat to allow NAT'd clients to
access FTPs (not on port 21) with active mode? Is it possible? I don't see any
way, but maybe I'm not understanding everything here.

Please CC your reply to me (adam.mclaurin at gmx.net), as I am not subscribed to
this list.

Thanks,
Adam McLaurin
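
Added example (not part of the original post, and not ipfilter's implementation): a simplified Python model of what a NAT FTP helper does with an active-mode PORT command. It shows why the server can see a port chosen by the NAT rather than one from the client's configured range, and why the inbound hole should be pinned to the server's address. All addresses, ports and names below are constructed for illustration.

```python
import re
from dataclasses import dataclass

# PORT h1,h2,h3,h4,p1,p2  (address octets, then port = p1*256 + p2)
PORT_RE = re.compile(r"^PORT ((?:\d{1,3},){5}\d{1,3})\r?\n?$")

@dataclass(frozen=True)
class Pinhole:
    remote_ip: str    # only the FTP server may connect in
    public_port: int  # port opened on the NAT's external address
    inside_ip: str    # where the data connection is forwarded
    inside_port: int

def rewrite_port(line, client_ip, server_ip, public_ip, alloc_port):
    """Model of a NAT FTP helper: rewrite PORT and describe the hole to open."""
    m = PORT_RE.match(line)
    if not m:
        return line, None                      # not a PORT command: pass through
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("malformed PORT argument")
    ip, port = ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    # Refuse a PORT that names another host or a privileged port, so the
    # helper cannot be steered into opening a hole to an arbitrary service.
    if ip != client_ip or port < 1024:
        raise ValueError("PORT target rejected")
    new = "PORT %s,%d,%d\r\n" % (public_ip.replace(".", ","),
                                 alloc_port >> 8, alloc_port & 0xFF)
    return new, Pinhole(server_ip, alloc_port, ip, port)

def demo():
    # Constructed values: client chose port 50005 from its configured range;
    # the NAT allocates external port 40001 on its public address.
    return rewrite_port("PORT 192,168,0,10,195,85\r\n", "192.168.0.10",
                        "198.51.100.20", "203.0.113.5", 40001)

if __name__ == "__main__":
    print(demo())
```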