Re: FTP Server behind NAT

To: freebsd-pf@xxxxxxxxxxx
Subject: Re: FTP Server behind NAT
From: Claudiu Dragalina-Paraipan <dr.clau@xxxxxxxxx>
Date: Thu, 21 Oct 2004 21:05:29 +0300
Delivered-to: freebsd-pf@xxxxxxxxxxx
Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:reply-to:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:references; b=UHHn45Vm/6x64aAa1DF8Fh7KQ8yhCIa6IfsbSacK0KzF9vE0ye7kUX8aFNWQ2jGvhXZCR3KoEyre5SWNr3N2gHu4+AVYFQdtVU1h3BgPaJ1/bJv8UjOuaY0XT/SM9Oa3f50zMjT7Yk7/wP/gUjINbwEISyHYvWXgJz6Rw4JThsA=
In-reply-to: <c2d45d6e0410200014152dd8f7@xxxxxxxxxxxxxx>
List-archive: <http://lists.freebsd.org/pipermail/freebsd-pf>
List-help: <mailto:freebsd-pf-request@freebsd.org?subject=help>
List-id: Technical discussion and general questions about packet filter (pf) <freebsd-pf.freebsd.org>
List-post: <mailto:freebsd-pf@freebsd.org>
List-subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=subscribe>
List-unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-pf>, <mailto:freebsd-pf-request@freebsd.org?subject=unsubscribe>
References: <c2d45d6e0410200014152dd8f7@xxxxxxxxxxxxxx>
Reply-to: Claudiu Dragalina-Paraipan <dr.clau@xxxxxxxxx>

Hello again,

in the meanwhile I found a solution:
ftp can be aware of the fact that it must use another IP for passive
mode connections.
vsftpd option that does this is "pasv_address" and pureftpd is
"ForcePassiveIP". Probably most decent ftp servers have such an
option.
The firewall still has the redirect the same ports to the internal ftp
server for this to work.

Best regards,


On Wed, 20 Oct 2004 09:14:06 +0200, Claudiu Dragalina-Paraipan
<dr.clau@xxxxxxxxx> wrote:
> Hello,
> 
> I am using a FTP Server behind NAT. I have problems connecting to it
> from a computer which is itself behind NAT.
> I do know how to fix this problem at client side, by using ftp-proxy,
> but this is not a possible scenario.
> I am looking for a way to solve this at FTP Server side (the NATing machine).
> The OpenBSD PF FAQ doesn't help too much in this direction.
> 
> I encounter this situation:
> - when I use active mode it tells me that it won't connect to
> 192.168.99.201, which is my ftp client machine, behind NAT.
> - when I use passive move, the ftp client tells me it cannot connect
> to 192.168.20.1, which is the internal network IP address of the FTP
> server.
> 
> Of course, this happens after I succesfully log into the FTP server.
> 
> Hopefully someone has solved this situation.
> Thank you in advance.
> 
> Best regards,
> 
> --
> Claudiu Dragalina-Paraipan
> e-mail: dr.clau@xxxxxxxxx
> 


-- 
Claudiu Dragalina-Paraipan
e-mail: dr.clau@xxxxxxxxx

Follow-Ups:
- Re: FTP Server behind NAT
  - From: Pyun YongHyeon

References:
- FTP Server behind NAT
  - From: Claudiu Dragalina-Paraipan

Prev by Date: Re: Installing on FreeBSD 5.2.1
Next by Date: Another problem with pf..
Previous by thread: FTP Server behind NAT
Next by thread: Re: FTP Server behind NAT
Index(es):
- Date
- Thread