Andrew Pritchard ([EMAIL PROTECTED]) wrote: > > What I want, is a way for people on internet to be able to connect (both > > active and passive) to my FTP server. And my FTP server (192.168.1.13) > > is located on the internal network. > > I've done it just by forwarding Port 21 to the internal machine from the > firewall. That's all I did.
Do you have any filtering rules on the masq-router? If you block port 20 of the ftp-server, it will brake aktive and if you block >1024 it will brake passive ftp. > > With portforwarding, it is possible to make both active and passive > > connections. But with passive it is not possible to fetch any data. I > > believe this is becasue my firewall (192.168.1.1) is not accepting the > > FTP servers request to open a new port. Can I make a ipchains rule to allow > > this? > > I'm wondering if you're using a chroot jailed FTP server, and you don't have > the > right binaries in the chroot jail. I could be missing the target here though. Since he can do ls with active ftp, that cannot be the problem here. -Rolf
