Re: ftp server ipnat firewall

From: Otto Kucera <ok(at)72pixel.at>
Date: Tue, 09 Nov 2004 11:36:52 +0100



hallo!



Peter Ross wrote:



>Otto Kucera wrote:


>  


>


>>mit wget gibts aber probleme. es scheint probleme mit den active /


>>passive ftp zu geben.


>>    


>>


>...


>  


>


>>hat jemand eine sample config für mich?


>>    


>>


>


>Nein, leider nicht. Aber vielleicht hilft Dir dies weiter:


>


>www.phildev.net/ipf/IPFprob.html


>


>  


>


ich hab jetzt eine gute anleitung gefunden und die methode funktioniert 


auch ausgesprochen gut.


http://www.cnfug.org/journal/5/05.html



>14. I have an FTP server behind an IPF firewall, and I'm having problems


>serving passive FTP.


>


>The IPF How-To gives a good explination of this. The client will try to


>connect to the server's internal IP address because that's the way passive


>FTP works: the server tells the client it's IP address in the payload and


>the client connects to it.


>


>The solution is to explicitly tell your FTP server what to report as it's


>IP address, and give it a range of ports to give out as well. You will


>then need to redirect traffic from those ports on your IPF box to the FTP


>server. Each FTP server is different, and you'll need to read the manual


>for your specific software, but to give an example, you can specificy this


>information in WU-FTPd's configuration file as follows: passive ports


>0.0.0.0/0 32768 49151


>passive address your.pub.IP.addr 0.0.0.0/0


>


>At the time of writing it's been reported that Microsoft IIS's FTP server


>is not capable of being configured this way. However, most Unix FTP


>servers should have an option for this somewhere.


>


>proftpd nutzt die Option MasqueradeAddress.


>


>Gruss


>Peter


>


>


>


>  


>


danke für die hilfe,


otto



>


>To Unsubscribe: send mail to majordomo(at)de.FreeBSD.org


>with "unsubscribe de-bsd-questions" in the body of the message


>


>  


>



-- 
-----------------------------------
Otto Kucera
A-1020 Wien Engerthstrasse 137/6/7
Tel: +43 699 1 942 30 91 
Email: ok_at_geeks.at
Icq: 65351173
-----------------------------------
And root said rm -rf /     ......and there was nothing
*BSD is like a wigwam: NO windows, NO gates and an Apache inside!
Your mailserver MUST resolve properly (Fully Qualified Domain Name) or the
mail will not go through!
To Unsubscribe: send mail to majordomo(at)de.FreeBSD.org
with "unsubscribe de-bsd-questions" in the body of the message


Received on Tue 09 Nov 2004 - 11:37:56 CET













search this site