yep definately running on port 21. can connect to it even, provided I have a public IP (or I'm on the network) works fine... only fails if *I'm* behind NAT.
Connects/password fine but cannot retrieve files/directory listings - James -----Original Message----- From: Steve Onnis [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 6:28 PM To: CFAussie Mailing List Subject: [cfaussie] RE: OT: FTP Routing have you made sure that the ftp server firewall behind the firewall is set to run on port 21? i will have a playt with my firewall tonight if you like and see what i can come up with Steve -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James Macpherson Sent: Tuesday, February 17, 2004 6:27 PM To: CFAussie Mailing List Subject: [cfaussie] RE: OT: FTP Routing ah - yeah what I'm trying to say (and for anyone who's interested) simply forwarding ports 20 and 21 (the FTP data and command ports respectively) doesn't work. When an FTP connection is established the FTP server opens a user (greater than 1024) port. The client then tries to connect to this but because the NAT doesn't read the FTP commands it doesn't know what port the server just opened. I am not 100% sure how a proper firewall works (I *think* it reads the FTP headers) but it 'knows' which port to forward to the client. Passive FTP gets around this problem but it only works if person A is behind a NAT and is trying to connect to Server B which is not behind NAT. Windows seems to cope (though I'm not 100% sure why) if person A is not behind NAT but on a public IP (eg. most dialup accounts) whether the server is behind NAT or not. eh, that's basically it - James -----Original Message----- From: Steve Onnis [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 6:16 PM To: CFAussie Mailing List Subject: [cfaussie] RE: OT: FTP Routing from the firewall you should be able to just divert traffic for that port number -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James Macpherson Sent: Tuesday, February 17, 2004 6:12 PM To: CFAussie Mailing List Subject: [cfaussie] RE: OT: FTP Routing Yeah I am using Windows NAT to do the routing, not sure what you mean by 'set up the service on its own IP then forward to your internal server' but it sounds like what I've already done. The hardware firewall isn't really an option (as this machine is also running the DNS etc. etc. Unfortunately it seems that the windows NAT is not good enough to support the wierd handshake you get with FTP. In short: FTP server behind Windows NAT - client with public IP = FINE FTP server on public IP - Client behind NAT = FINE FTP server behind Windows NAT - Client behind NAT = DOESN'T WORK Linux (and your hardware firewall, as you've said) can do the handshake properly. But I guess windows can't, or I just don't know how to do it and can't find anything that helps... Cheers anyways :) - James -----Original Message----- From: Steve Onnis [mailto:[EMAIL PROTECTED] Sent: Tuesday, February 17, 2004 5:08 PM To: CFAussie Mailing List Subject: [cfaussie] RE: OT: FTP Routing Depends If your using NAT, i would set the FTP service up on its own IP address, then forward the request on to your internal FTP server if your using a firewall, there should be a way to port forward the request. I have a $500 hardware firewall and i can do it on that Steve -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James Macpherson Sent: Tuesday, February 17, 2004 5:01 PM To: CFAussie Mailing List Subject: [cfaussie] OT: FTP Routing Hi all, this is very off topic but desparate and there seems to be a high level of technical know how on here... I have a windows 2000 server as our internet gateway (static IP yada yada) but I want an FTP server behind the gateway (another Windows 2000 machine but don't think that matters). The problem is simply forwarding ports 20 and 21 doesn't work. PASSIVE mode works for clients but not servers behind a firewall. On Linux I can do this easily using the contrak kernel/iptables module but I don't know the equivalent on windows? help???? - James --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004 --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004 --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004 --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004 --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004 --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004 --- You are currently subscribed to cfaussie as: [EMAIL PROTECTED] To unsubscribe send a blank email to [EMAIL PROTECTED] MXDU2004 + Macromedia DevCon AsiaPac + Sydney, Australia http://www.mxdu.com/ + 24-25 February, 2004
