Just a quick thought here ... if your ISP is blocking ports below 1024, 
this should interfere with port 20 as well as port 21. So just opening and 
forwarding port 20 should not work for you -- you probably need to require 
clients to use passive ftp, so high ports get used instead of 20 for the 
transfer. (Since Joey's ISP does not block ports, he wouldn't have seen 
this sort of problem with port 20.)

So ... moving the control port to 3123, either by redirecting or by 
changing the ftp server setting, should handle that part. And indeed you 
seem to say it does, since a telnet connection reaches the control port. As 
to the data port, I think you need to be more specific about the problems 
users encounter than "isn't working" conveys. I don't run a NAT'd ftp 
server here, but I've used a bunch of them at others' sites (sometimes 
successfully, sometimes successfully with some ftp clients and not with 
others, sometimes never successfully) and I know from that that the 
problems can be tricky to figure out.

You might also find it helpful to read the document "FTP and Firewalls", a 
PDF doc available at ftp://ftp.echogent.com/docs/ .

At 08:40 AM 10/2/02 -0500, Joey Officer wrote:
>I have a similar situation working where I had to open up some odd ports, but
>in my case I didn't have to alter the ports.  You could modify ftp
>configuration of your ftp server to listen on port 3123, that should solve
>the problem and you don't have to worry about redirecting ports.  I think in
>my case I also had to add the EXTERN_PROTOx line, I don't remember if I
>'had' to do it, but I have and it's worked since.  I'm adding a mail server
>in the coming week or so, but I'm not in a situation where my provider is
>blocking ports.
>
>Curious to see if changing the internal ftp port to the same will work...
>
>Joey Officer
>Martin Apparatus, Inc.
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of ArisB
>Sent: Tuesday, October 01, 2002 12:39 PM
>To: [EMAIL PROTECTED]
>Subject: [leaf-user] FTP server behind dachstein
>
>I've got a FTP server running on my internal network on port 21.
>I'm trying to port forward it through my dachstein firewall.
>My internet provider has blocked the ports under 1024, so I opened port 3122
>like this:
>
>EXTERN_TCP_PORTS="0/0_3123 0/0_3122" (3123 is for my webserver, which is
>working)
>
>And I did the port forwarding like this:
>
>INTERN_SERVERS="tcp_${EXTERN_IP}_3123_192.168.1.1_3123
>tcp_${EXTERN_IP}_3122_192.168.1.1_21"
>
>The ftp isn't working, but when someone connects with telnet he can see that
>I'm running the pure-ftp daemon.
>
>I have tried to open port 20 and forwarded to 192.168.1.1:20 but that isn't
>working.
>Can anyone help me?




--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski                                   -- Han Solo
Palo Alto, California, USA                        [EMAIL PROTECTED]
-------------------------------------------------------------------------------
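
The passive-mode point in the reply above, as an added example that is not part of the original message: a small Python check that decodes the server's 227 reply to PASV and lists why a client's data connection would fail behind the NAT. The passive port range 30000-30009 and the external address 203.0.113.10 are constructed assumptions, not values from the thread.

```python
import ipaddress
import re

# Assumption (constructed): the firewall forwards these high ports to the FTP
# server, and the server is set to use the same range for passive transfers.
FORWARDED_PASV_PORTS = range(30000, 30010)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_PASV_RE = re.compile(r"^227[ -].*?" + ",".join([r"(\d{1,3})"] * 6))

def parse_pasv(reply):
    """Decode an RFC 959 '227 ... (h1,h2,h3,h4,p1,p2)' reply to (host, port)."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]   # data port = p1*256 + p2

def diagnose(reply, control_peer, forwarded=FORWARDED_PASV_PORTS):
    """List reasons the data connection would fail for an outside client.

    control_peer: address the client dialled for the control connection,
    i.e. the firewall's external IP.
    """
    host, port = parse_pasv(reply)
    problems = []
    if any(host in net for net in RFC1918):
        problems.append("server advertises internal address %s" % host)
    elif host != ipaddress.IPv4Address(control_peer):
        problems.append("advertised address %s is not %s" % (host, control_peer))
    if port < 1024:
        problems.append("data port %d is below 1024" % port)
    elif port not in forwarded:
        problems.append("data port %d is not forwarded" % port)
    return problems

if __name__ == "__main__":
    # Constructed sample replies, as a client would see them on the control port.
    for line in ("227 Entering Passive Mode (192,168,1,1,117,48)",
                 "227 Entering Passive Mode (203,0,113,10,200,21)",
                 "227 Entering Passive Mode (203,0,113,10,117,50)"):
        print(line, "->", diagnose(line, "203.0.113.10") or "ok")
```
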


