Re: problem with pasive MODE and NAT
Try loading two additional netfilter modules to do conection tracking for your ftp conection called ip_conntrack_ftp and ip_nat_ftp this should sort out your problem Regards Corne Alberts Information Architect Quoting Francisco Castillo [EMAIL PROTECTED]: Hello, I has a proftpd server on a linux debian woody with a NAT sheeme. So my proftpd is listening on the 192.168.0.X private ip and my router has mapping the ports from 4 to 40010 from the public ip to the 192.168.0.X ip in order to allow pasive port transfers from internet. So i has this config on my proftpd.conf # para el NAT MasqueradeAddress 217.00.00.214 PassivePorts 4 40010# These ports should be safe but i has this problem: when i connect from a cuteftp client from a 192.168.0.Y ip the client get the correct pasive port to get data (4) from the proftpd server but if i try to access from a public client ip (with cuteftp too) the server said to get a aleatorious port and not in the range 4-40010 COMANDO: PASV 227 Entering Passive Mode (217,00,00,214,238,235)). 238,235 = 238*256 + 235 != 4-40010 so i ask what could be happening? How could i solve my problem? Thanks in advance. -- Hostgreen, http://www.hostgreen.com [EMAIL PROTECTED] tlf. 678205316 - 952431313 id msn - [EMAIL PROTECTED] -- Hostgreen, http://www.hostgreen.com [EMAIL PROTECTED] tlf. 678205316 - 952431313 id msn - [EMAIL PROTECTED] -- Hostgreen, http://www.hostgreen.com [EMAIL PROTECTED] tlf. 678205316 - 952431313 id msn - [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. - This mail sent through IMP: http://horde.org/imp/ -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. MailScanner thanks transtec Computers for their support. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
problem with pasive MODE and NAT
Hello, I has a proftpd server on a linux debian woody with a NAT sheeme. So my proftpd is listening on the 192.168.0.X private ip and my router has mapping the ports from 4 to 40010 from the public ip to the 192.168.0.X ip in order to allow pasive port transfers from internet. So i has this config on my proftpd.conf # para el NAT MasqueradeAddress 217.00.00.214 PassivePorts 4 40010# These ports should be safe but i has this problem: when i connect from a cuteftp client from a 192.168.0.Y ip the client get the correct pasive port to get data (4) from the proftpd server but if i try to access from a public client ip (with cuteftp too) the server said to get a aleatorious port and not in the range 4-40010 COMANDO: PASV 227 Entering Passive Mode (217,00,00,214,238,235)). 238,235 = 238*256 + 235 != 4-40010 so i ask what could be happening? How could i solve my problem? Thanks in advance. -- Hostgreen, http://www.hostgreen.com [EMAIL PROTECTED] tlf. 678205316 - 952431313 id msn - [EMAIL PROTECTED] -- Hostgreen, http://www.hostgreen.com [EMAIL PROTECTED] tlf. 678205316 - 952431313 id msn - [EMAIL PROTECTED] -- Hostgreen, http://www.hostgreen.com [EMAIL PROTECTED] tlf. 678205316 - 952431313 id msn - [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: problem with pasive MODE and NAT
Ce jour Mon, 15 Nov 2004, Francisco Castillo a dit: Hello, when i connect from a cuteftp client from a 192.168.0.Y ip the client get the correct pasive port to get data (4) from the proftpd server but if i try to access from a public client ip (with cuteftp too) the server said to get a aleatorious port and not in the range 4-40010 COMANDO:PASV 227 Entering Passive Mode (217,00,00,214,238,235)). 238,235 = 238*256 + 235 != 4-40010 so i ask what could be happening? How could i solve my problem? you can always set the daemon ACTIVE and allow traffic on port 20. i can't remember what i did to fix that passive, but ordinarily a client should be able to get data from the server about what the server expects, and go on from there. proftpd-doc package has more details; the Configure.html (or something like that) has that stuff. but it's easier for packet filtering purposes to just allow port 20 and 21 traffic on your gateway to the internal server. it could also be that cuteftp is a brain-dead client implementation. i don't use windoze s/w and haven't had a need to look that kind of stuff up, but google might have more info on that. othrewise, good luck :) Thanks in advance. Francisco. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Cold pizza and cold coffee, second best thing to cold pizza and warm beer. signature.asc Description: Digital signature
