Re: your mail - sorry for empty subject.

On Thu, Dec 20, 2001 at 01:09:57PM +0000, Andrew Pritchard wrote:
> > With portforwarding, it is possible to make both active and passive
> > connections. But with passive it is not possible to fetch any data. I
> > believe this is because my firewall ( is not accepting the
> > FTP servers request to open a new port. Can I make an ipchains rule to allow
> > this?
> Sounds like you've got a broken FTP server. Let me get this straight - you can 
> connect to the server, but you can't ls or get or put any data.

This is normal. If you do portforwarding, the ftp server will send the
internal IP address to the client in response to the PASV command. This will
of course not work. That's why ls and get hang. The solution is to use
either a reverse proxy like frox or jftpgw (or proxy suite from suse) or to
say by configuration which the official IP address of the web server is
(some ftp daemons like proftp support this). In that case you also need to
set up a forwarded range of ports which are passed 1:1 to the internal host.


