i posted this a while ago to '[EMAIL PROTECTED]' but that seems to be a low traffic list so i repeat it here:
i have received the following advice from another list concerning my problems with getting both active and passive ftp transfers from proftpd behind snf: ---------snip----------- Ok .. this fix for this has nothing to do with proftpd, i just went though this myself. On your firewall, what you need to do is load the ip_masq_ftp modules with the following aguments modprobe ip_masq_ftp in_ports=20,21,49157,49153 This will alow the mod to handle the incoming taffic. Also remeber to portfw all traffic coming to ports 20,21 and since you are using the high ports for passive, 49152 and 49153. ------------snip--------------------- i do not want to do stuff to my firewall that i don't fully understand so i would be gratefull if s/one could confirm that this would be okay to run on my snf (whether it solves my problem or not is another question!) bascule p.s. my original post to the proftpd list is copied below for context ---------snip------ hi, i've joinedthis list to see if i can get an answer to something i've notice while i've been playing with proftpd; i'm behind a firewall using nat and i want to set up ftp so that active or passive users can transfer, using proftpd i can arrange for either but not apparently both, i have used the passivePorts directive to specify a small range of ports that i have forwarded to the server from the firewall and used MasqueradeAddress to set the ip of the firewall as opposed to the private ip of the server, only unless i comment out the MasqueradeAddress directive, active ftp doesn't work, i can leave the PassivePorts directive as it is and active ftp still works but of course passive ftp doesn't unless i uncomment MasqueradeAddress, the thing is since MasqueradeAddress just sets the ip of the firewall and that is all any active client needs to see why does this prevent active ftp from working? ----------snip-------------
