Ftp behind firewall/nat
Erik Norgaard
norgaard at locolomo.org
Tue Feb 1 01:16:56 PST 2005
eric wyzerski wrote:
> My setup work wells with Active ftp but not with passive ftp. Your setup
> doestnt work with passive ftp. From ipfilter faq:
> # I have an FTP server behind an IPF firewall, and I'm having problems
> serving passive FTP.
Sorry, from your original post it was not clear to me if your problem
was ftp-client behind nat or ftp-server behind nat. The solution I gave
solve the ftp-client behind nat problem, both active and passive ftp.
The IPF howto also notes that setting up an ftp server behind a NAT is a
mess and one should _not_ try to reverse the setup for ftp-client behind
nat. I don't have the solution for server behind nat.
> passive ports 0.0.0.0/0 32768 49151
> passive address your.pub.IP.addr 0.0.0.0/0
I don't know what is standard or if there is one, but IANA has assigned
ports > 49151 for dynamic port allocation, which seems to suggest that
the ports chosen should be in that interval.
Cheers, Erik
--
Ph: +34.666334818 web: http://www.locolomo.org
S/MIME Certificate: http://www.locolomo.org/crt/2004071206.crt
Subject ID: A9:76:7A:ED:06:95:2B:8D:48:97:CE:F2:3F:42:C8:F2:22:DE:4C:B9
Fingerprint: 4A:E8:63:38:46:F6:9A:5D:B4:DC:29:41:3F:62:D3:0A:73:25:67:C2
More information about the freebsd-questions
mailing list