Sorry, that IP tables entry should have been:
*DNAT tcp -- anywhere anywhere tcp dpt:ftp to:10.101.64.144:10121 * On Fri, Mar 12, 2010 at 1:56 PM, Niklas Gustavsson <[email protected]>wrote: > On Fri, Mar 12, 2010 at 2:46 PM, Niklas Gustavsson <[email protected]> > wrote: > > In these case, are you really running behind iptables? Because, it > > struck me that since you map the ports, the client will try to connect > > to the server on 10120 since that's what the server told him to do in > > the response to the PASV command. He will not know to connect on port > > 20. > > That being said, we currently support providing an "external" IP > address for passive connection, for use when we're behind a NAT. But, > we do not support providing an "external" port, for this kind of use. > We surely could, if people are really interested in port mapping > passive connections. I doubt it is that useful, but who knows :-) > > /niklas >
