assuming it is proftpd you are using behind your firewall, you will have to include following two lines in your proftpd.conf
MasqueradeAddress yourhost.com PassivePorts 40000 49000 and set up a port-forwarding for all passive ports to the internal server. you will probably not need 9000 ports though. without these two lines your server informs clients that its ip address is something like 192.168.1.45 (its masqueraded address) so the ftp client tries to connect to a server at 192.168.1.45 on an arbitrary port. this fails of course and you get a timeout. reading the manual is always a good idea to get a more thorough understanding of what is going on. regards, kiril -----Ursprüngliche Nachricht----- Von: Jeff Newmiller <[EMAIL PROTECTED]> An: Jeff <[EMAIL PROTECTED]> Cc: leaf-user <[EMAIL PROTECTED]> Datum: Sonntag, 2. Juni 2002 07:34 Betreff: Re: [leaf-user] ftp forwarding problems... >You should read ftp://ftp.echogent.com/docs/FTP_and_Firewalls.pdf because >this is a challenging problem that requires cooperation between your >firewall and server to solve. > >Depending on why you want ftp, you may find it better to use an >alternative protocol like ssh (scp) or http. > >On Sat, 1 Jun 2002, Jeff wrote: > >> Ok, after fighting the war to get tcp forwarding working on Eigerstein >> 3.1.0, >> adding EXTERN_TCP_PORTS="0/0_ssh 0/0_smtp 0/0_tcp" >> and >> the tuple to INTERN_SERVERS="tcp_${EXTERN_IP}_ftp_192.168.2.201_ftp" >> and uncommenting INTERN_FTP_SERVER, changing it's IP to mine, >> INTERN_FTP_SERVER=192.168.2.201 # Internal FTP server to make available >> >> I finally was able to ftp connect from an external machine. >> >> But, after I ftp connect and log in and enter 'ls' command I get >> 227 Entering passive Mode(192,168,2,201,172,45) >> and it finally times out. >> Coming from an internal machine and loggiong in as the same user does >> not cause this error. >> >> Other commands. pwd, cd, etc, work fine. >> >> What the hell is going on? >> What do I need to do to get ftp to work from an external source? >> If memory serves me correct, doesn't ftp open ANOTHER port for >> transferring the output of ls data, and do the same thing when you >> transfer a file? >> >> I have been pulling what little hair I have left out over this. >> >> -- >> Jeff >> [EMAIL PROTECTED] >> >> _______________________________________________________________ >> >> Don't miss the 2002 Sprint PCS Application Developer's Conference >> August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm >> >> ------------------------------------------------------------------------ >> leaf-user mailing list: [EMAIL PROTECTED] >> https://lists.sourceforge.net/lists/listinfo/leaf-user >> SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html >> > >--------------------------------------------------------------------------- >Jeff Newmiller The ..... ..... Go Live... >DCN:<[EMAIL PROTECTED]> Basics: ##.#. ##.#. Live Go... > Live: OO#.. Dead: OO#.. Playing >Research Engineer (Solar/Batteries O.O#. #.O#. with >/Software/Embedded Controllers) .OO#. .OO#. rocks...2k >--------------------------------------------------------------------------- > > >_______________________________________________________________ > >Don't miss the 2002 Sprint PCS Application Developer's Conference >August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm > >------------------------------------------------------------------------ >leaf-user mailing list: [EMAIL PROTECTED] >https://lists.sourceforge.net/lists/listinfo/leaf-user >SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html > _______________________________________________________________ Don't miss the 2002 Sprint PCS Application Developer's Conference August 25-28 in Las Vegas -- http://devcon.sprintpcs.com/adp/index.cfm ------------------------------------------------------------------------ leaf-user mailing list: [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/leaf-user SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
