Ftp behind firewall/nat

Dick Hoogendijk dick at nagual.st
Tue Feb 1 01:15:20 PST 2005

On 31 Jan eric wyzerski wrote:
> The solution is to explicitly tell your FTP server what to report as its 
> IP address, and give it a range of ports to give out as well.

> unix-server configuration file as follows: passive ports 
> 32768 49151
> passive address your.pub.IP.addr
> At the time of writing, it's been reported that Microsoft IIS's FTP
> server is not capable of being configured this way.

> so, my problem exactly this: the client try to connect to and
> not my external IP address. guess what? Im using IIS ftp server (I
> cant use anything else), so does there is a way to resolve this
> problem on doing something on the routeur (ipnat)?

Only "solution" is open all your high incoming ports. You don't want
that of course ;-)

There is NO other way PASS can be handled or redirected. You *need* to
know beforehand which ports exactly will be opened.

Aks microsoft why they won't support this feature. They are moving into
a more secure OS (at least they say they are..)

dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.11 ++ FreeBSD 5.3
+ Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja

More information about the freebsd-questions mailing list