If you are using WU-FTPD, in addition to forwarding port 20 to the FTPD host (say,
10.0.55.55), you also configure WU-FTPD to respond such that PASV requests from 10.0
get 10.0.55.55, PASV requests from 192.168 get 192.168.55.55 and the rest get
55.55.55.55 (or whatever your external IP is).
>I have a local network at home using private addresses with one static IP on
>my firewall. I'm using Linux with 3 NICs and IPChains. My setup looks a
>little like this:
>
>(Internet) - Firewall - (192.168 Network)
> \
> \---(10.0 Network)
>
>I'm hosting a domain, and I've got another Linux machine in my 10.0 network
>handling my web and mail services, handled through port forwarding.
>
>My problem:
>How do you handle Passive FTP? From what I can see, a connection can be
>established over the normal control port, at which point the private address
>of the FTP server is transmitted to the connecting machine with port
>connection information. It looks like this IP and port information is sent
>as data rather than IP header information. Is there something tricky I can
>do at the firewall end to take care of this, or am I going to need to do
>something tricky with the FTP software on the private machine?
>
>Note: Active mode FTP works fine, except of course when the connecting
>machine is also behind a firewall.
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
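
An added example, not part of the original thread and not WU-FTPD code: a Python model of the per-network PASV answer the reply describes, showing that the address travels inside the 227 reply text and what an outside client gets when the private address is sent instead. The /16 prefixes, the longest-prefix selection rule, the data port 50000 and the client addresses are assumptions made for the illustration.

```python
import ipaddress
import re

# Address to advertise in the 227 reply, keyed by client network.
# Addresses come from the reply above; the /16 prefixes are assumed.
PASV_MAP = [
    (ipaddress.ip_network("10.0.0.0/16"), "10.0.55.55"),
    (ipaddress.ip_network("192.168.0.0/16"), "192.168.55.55"),
    (ipaddress.ip_network("0.0.0.0/0"), "55.55.55.55"),
]
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))

def pasv_address_for(client_ip):
    """Pick the advertised address by longest-prefix match (assumed policy)."""
    ip = ipaddress.ip_address(client_ip)
    matches = [(net.prefixlen, addr) for net, addr in PASV_MAP if ip in net]
    return max(matches)[1]

def format_pasv_reply(addr, port):
    """Build the RFC 959 reply: 227 ... (h1,h2,h3,h4,p1,p2)."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        addr.replace(".", ","), port >> 8, port & 0xFF)

def parse_pasv_reply(line):
    """Return (ip, port) the client will open its data connection to."""
    m = _PASV_RE.match(line)
    if not m:
        raise ValueError("not a 227 reply")
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("octet out of range")
    return "%d.%d.%d.%d" % tuple(n[:4]), n[4] * 256 + n[5]

def is_rfc1918(ip):
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)

def unreachable_for(client_ip, reply):
    """True when an outside client is handed a private data address."""
    return is_rfc1918(parse_pasv_reply(reply)[0]) and not is_rfc1918(client_ip)

if __name__ == "__main__":
    for client in ("10.0.3.4", "192.168.1.20", "203.0.113.7"):  # constructed
        reply = format_pasv_reply(pasv_address_for(client), 50000)
        print(client, "->", reply, "unreachable:", unreachable_for(client, reply))
```

The firewall still has to forward the passive data port range to the FTP host for the externally advertised address to work.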