Re: problem with pasive MODE and NAT
Try loading two additional netfilter modules to do conection tracking for your
ftp conection called "ip_conntrack_ftp" and "ip_nat_ftp" this should sort out
your problem
Regards
Corne Alberts
Information Architect
Quoting Francisco Castillo <fcastillo@hostgreen.com>:
>
> Hello,
>
> I has a proftpd server on a linux debian woody with a NAT sheeme. So my
> proftpd is listening on the 192.168.0.X private ip and my router has
> mapping the ports from 40000 to 40010 from the public ip to the
> 192.168.0.X ip in order to allow pasive port transfers from internet. So
> i has this config on my proftpd.conf
>
> ....................
> # para el NAT
> MasqueradeAddress 217.00.00.214
> PassivePorts 40000 40010 # These ports should be safe
>
>
> but i has this problem:
>
> when i connect from a cuteftp client from a 192.168.0.Y ip the client get
> the correct pasive port to get data (40000) from the proftpd server but
> if i try to access from a public client ip (with cuteftp too) the server
> said to get a aleatorious port and not in the range 40000-40010
> COMANDO:> PASV
> 227 Entering Passive Mode (217,00,00,214,238,235)).
>
>
> 238,235 = 238*256 + 235 != 40000-40010
>
> so i ask
>
> what could be happening?
> How could i solve my problem?
>
> Thanks in advance.
>
> --
>
> Hostgreen,
> http://www.hostgreen.com
> fcastillo@hostgreen.com
> tlf. 678205316 - 952431313
> id msn - fcastillopinazo@hotmail.com
>
>
> --
>
> Hostgreen,
> http://www.hostgreen.com
> fcastillo@hostgreen.com
> tlf. 678205316 - 952431313
> id msn - fcastillopinazo@hotmail.com
>
>
> --
>
> Hostgreen,
> http://www.hostgreen.com
> fcastillo@hostgreen.com
> tlf. 678205316 - 952431313
> id msn - fcastillopinazo@hotmail.com
>
>
>
>
> --
> To UNSUBSCRIBE, email to debian-isp-REQUEST@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
> MailScanner thanks transtec Computers for their support.
>
-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
MailScanner thanks transtec Computers for their support.
Reply to: