On Wed, Feb 19, 2003 at 03:51:17PM -0800, Darren Gibbons wrote:

> In my quest to hunt down the problem, I noticed something else interesting.
> This problem does not occur (i.e. forwarding ftp works for both Windows and
> Unix clients) *if* the external address I use to forward internally is the
> same address that the internal network is nat'd on!  Seems very strange to
> me.

One possible explanation is that the Windows clients expect the active
data connections to come from the same IP address as they opened the
control connection to, and drop data connections from other sources.

Since you have the routable addresses, you could NAT the servers to
their respective addresses:

  nat on $ExtIf from 192.168.2.85 to any -> 14.244.112.5
  nat on $ExtIf from 192.168.2.0/24 to any -> 14.244.112.10

Or you could even use binat to map the addresses one to one, so even
passive mode would work.

Or you could run ftp-proxy with the reverse mode patch, with separate
instances for port 21 on the different aliases.

If you only need to support outgoing connections, NATing to the
respective address is probably the easiest and most secure solution.

Daniel
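
The binat alternative mentioned above, as an added sketch that is not part of the original message; it keeps the same pre-4.7 pf.conf syntax as the nat rules quoted there. The interface name, the passive port range, and a server configured to advertise 14.244.112.5 in its PASV replies are assumptions.

```conf
# Added example, not from the original message.
# Assumed: fxp0 is the external interface; the FTP server offers
# passive ports 49152-65535 and advertises 14.244.112.5 in PASV replies.
ExtIf = "fxp0"

# One-to-one mapping for the FTP server: its outgoing connections
# (including active-mode data connections) leave from 14.244.112.5,
# and connections to 14.244.112.5 are translated to 192.168.2.85.
binat on $ExtIf from 192.168.2.85 to any -> 14.244.112.5

# Every other internal host shares one address.
nat on $ExtIf from 192.168.2.0/24 to any -> 14.244.112.10

# binat also opens the inbound direction, so restrict what may reach
# the server. Filter rules are last-match and see the already
# translated (internal) destination address.
block in on $ExtIf all
pass out on $ExtIf all keep state
pass in on $ExtIf proto tcp from any to 192.168.2.85 port 21 keep state
pass in on $ExtIf proto tcp from any to 192.168.2.85 port 49152:65535 keep state
```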
