hi all

i had a couple of general questions about ftp serving through an ipf/ipnat gateway.

i had set up my gateway box to redirect port 21 to my internal ftp server, i.e., to 
only allow active ftp sessions.  this has been working ok, i've just been telling 
users to set their ftp clients for 'active' mode, or unselect 'passive' mode.

i have run into a weird situation with one particular ftp user.  this user is 
connecting to the ftp server remotely from behind a router that does nat translation 
for the subnet that this person is on.  this is the only thing different between this 
person and my 30 or so other ftp users who have been successfully connecting using 
active mode.  this person is able to successfully log in and connect to the server, but 
their ftp client immediately gives off an error 425 - unable to establish data 
connection...  when this person ftp's via the command line in win2000, i.e.,

ftp  my.ftpserver.org
<enter username>
<enter password>
(they're successfully authenticated at this point)

when they try to issue the 'ls' statement, they are given the same 'error 425 - unable 
to establish data connection'... i've spoken to this person's isp.  there are no 
firewall restrictions on their router.  the person can ftp to other servers fine.  i'm 
not quite sure how to proceed troubleshooting this problem - whether or not i should 
tweak my gateway config to allow for passive ftp, or if i should try to enable 
transparent proxy support (or both).

for the record, i've tried enabling both, and seem to be having trouble.  but at this 
point, i would just like to know what the issue is exactly, so that i can proceed 
troubleshooting it...

any advice would be appreciated, if anyone has dealt with this type of issue before...
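
A diagnostic for the 425 error described above, as an added example that is not part of the original post: in active mode the client's PORT command carries the address the server must connect back to, and this Python code compares that address with the source address the server sees on the control connection. The session lines are constructed, and `parse_port` and `check_session` are hypothetical names.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): the client tells the server where to connect back.
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)

def parse_port(command):
    """Return (ip, port) advertised by an active-mode PORT command, or None."""
    m = PORT_RE.match(command.strip())
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # each field is a single octet
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_session(peer_ip, commands):
    """Compare each PORT address with the source address the server actually sees."""
    peer = ipaddress.IPv4Address(peer_ip)
    findings = []
    for cmd in commands:
        parsed = parse_port(cmd)
        if parsed is None:
            continue  # not a PORT command
        ip, port = parsed
        if ip == peer:
            verdict = "ok"
        elif ip.is_private:
            # The client sits behind a NAT that did not rewrite the PORT payload,
            # so the server is asked to connect to an address it cannot reach.
            verdict = "private-address"
        else:
            verdict = "mismatch"
        findings.append((str(ip), port, verdict))
    return findings

# Constructed sample: control-channel commands keyed by the peer address the server sees.
SAMPLE = {
    "203.0.113.7": ["USER alice", "PASS ****", "PORT 203,0,113,7,19,137", "LIST"],
    "198.51.100.20": ["USER bob", "PASS ****", "PORT 192,168,1,50,4,210", "LIST"],
}

if __name__ == "__main__":
    for peer, cmds in SAMPLE.items():
        for ip, port, verdict in check_session(peer, cmds):
            print(f"{peer}: PORT -> {ip}:{port} [{verdict}]")
```

A `private-address` verdict points at the client-side NAT rather than the gateway rules, since the control connection works but the data connection target is unreachable from the server.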


