Just wondering if anybody can shed some light on an error I'm getting trying to initiate an (active) FTP session from behind a NAT firewall.

I've got two IPFilter firewalls (both 4.1.17, both on Solaris) and only one has a problem with FTPing. The difference is that one firewall has a slightly more complicated ruleset than the other, and rather than NATing all addresses with the firewall's external IP (only), one firewall NATs a subset of the outbound addresses to an IP other than the firewall's IP (same subnet). In both cases, all protocols other than FTP work fine under this configuration:

Firewall one: FTP works

    map nge1 10.0.0.0/8 -> 0/32 proxy port ftp ftp/tcp
    map nge1 from 10.0.0.0/8 to 0.0.0.0/0 -> 0/32 portmap tcp/udp auto
    map nge1 from 10.0.0.0/8 to 0.0.0.0/0 -> 0/32

Firewall two: FTP broken

    map bge1 from 0.0.0.0/0 to a.b.c.d/32 port = 21 -> w.x.y.z/32 proxy port ftp ftp/tcp
    map bge1 from 0.0.0.0/0 to a.b.c.d/32 -> w.x.y.z/32 portmap tcp/udp auto
    map bge1 from 0.0.0.0/0 to a.b.c.d/32 -> w.x.y.z/32

On the second firewall, the rules are slightly different as I need to map only a subset of connections, and they need to map to an address which isn't 0/32. But as everything other than FTP seems to work, it seems like I'm doing something wrong with FTP, or there's a bug somewhere.

Any ideas would be appreciated!

corey
