Boyd Kelly wrote:
Hello,

I have 3 servers behind my Dachstein firewall, and 3 static IPs bound
to my public interface.  (Not using DMZ).  I have been forwarding
various ports to each server, but only able to use FTP on the first IP.

I sort of understand the issues with this (read some of the docs floating
around the internet), and wonder if there is something I can do to get
passive FTP forwarded to any of my 3 boxes.  Right now attempting to
forward TCP 20/21 from public to private.

Passive FTP:
Ctrl: Client * -> 21 Server
...client asks for data connection...
...server returns port # to use...
Data: Client * -> * Server (Server supplied port #)

So...for passive FTP, you need to forward port 21 from your firewall to the FTP server. This will let clients connect. To support passive FTP, you then need to configure your FTP server to use a specific range of ports for passive connections, and configure your firewall to forward these ports to your FTP server as well.

Configuration of the passive port range varies depending on your FTP server. Some FTP servers cannot set the passive port range...in this case, you should switch FTP servers to one that is more firewall friendly.

Then, when a client requests a passive-mode data connection, the FTP server will provide a destination port # within a specific range, and when this packet hits your firewall, it will be forwarded to the FTP server, and all will be right with the world. :-)

NOTE: In addition to port-forwarding, you also have to make sure your firewall rules allow the inbound traffic.

--
Charles Steinkuehler
[EMAIL PROTECTED]
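
Added example, not part of the original thread or of the LEAF project: a check of the server's 227 passive-mode reply (the "server returns port # to use" step above) against the port range forwarded on the firewall. The range 50000-50010, the addresses and all function names are assumptions; the check on the advertised address goes beyond what the reply covers, since a server behind NAT may advertise its private address.

```python
import ipaddress
import re

# Constructed values (assumptions): the passive range set on the FTP server
# and forwarded by the firewall, and the public IP mapped to that server.
PASV_RANGE = range(50000, 50011)   # ports 50000-50010
PUBLIC_IP = "203.0.113.11"         # documentation address
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(reply):
    """Return (host, port) from a 227 reply, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    # Data port is sent as two bytes: high byte, then low byte.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def check_pasv(reply, public_ip=PUBLIC_IP, port_range=PASV_RANGE):
    """List reasons an outside client could not use this reply."""
    host, port = parse_pasv(reply)
    problems = []
    if port not in port_range:
        problems.append("port %d is outside the forwarded range %d-%d"
                        % (port, port_range.start, port_range.stop - 1))
    addr = ipaddress.ip_address(host)
    if any(addr in net for net in RFC1918):
        problems.append("server advertised private address %s" % host)
    elif host != public_ip:
        problems.append("server advertised %s, expected %s" % (host, public_ip))
    return problems

# Constructed sample replies, as seen on the control connection.
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,11,195,84)",   # port 50004
    "227 Entering Passive Mode (192,168,1,10,195,84)",   # private address
    "227 Entering Passive Mode (203,0,113,11,4,1)",      # port 1025
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", check_pasv(s) or "ok")
```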




------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
