William R. Lorenz wrote:
> On Wed, 4 Nov 2009, Evgeny Yurchenko wrote:
>> Nathan Eisenberg wrote:
>>> Sorry for bringing this back up; what's the correct way to implement an
>>> FTP server behind a 1:1 NAT and not receive 500 Illegal PORT command?
>>> I don't care if it uses the proxy, I just want incoming FTP connections
>>> to work.
>> Which PORT command results in '500 Illegal PORT command'?
> That happens when there's not any stateful FTP inspection, i.e. to map
> the internal RFC1918 space to a public IP address per the 1:1 NAT, as
> is used by the FTP protocol to open up a socket. There's only one
> "PORT" command.

PORT command is used only if client establishes ACTIVE FTP session. By
question 'which PORT ...' I meant content of PORT command because if
this command contains local IP address of client and the request for FTP
session (communication over port 21) came from public IP address then
the server most probably will give you something like "500 Illegal PORT
command".
FTP server can work behind pfSense with or without 1:1 NAT, with or
without ftp-proxy (if 1:1 NAT is not used).
Evgeny.
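
The mismatch described in the message above, as an added example that is not part of the original thread: a simplified model of a server comparing the address inside a PORT command with the address the control connection came from, and of the payload rewrite a stateful FTP helper on the NAT device would perform. The addresses, function names and the exact acceptance rule are assumptions for illustration, not any particular server's code.

```python
import ipaddress

def parse_port(arg):
    """Decode a PORT argument 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isascii() and p.isdigit() and int(p) <= 255
                                  for p in parts):
        raise ValueError("malformed PORT argument")
    n = [int(p) for p in parts]
    ip = ipaddress.IPv4Address(".".join(str(x) for x in n[:4]))
    return ip, n[4] * 256 + n[5]

def format_port(ip, port):
    """Encode (ip, port) back into the comma-separated PORT argument."""
    return ",".join(str(ip).split(".") + [str(port >> 8), str(port & 0xFF)])

def server_reply(control_peer_ip, port_arg):
    """Assumed server rule: the PORT address must equal the control-connection peer."""
    try:
        ip, _port = parse_port(port_arg)
    except ValueError:
        return "501 Syntax error in parameters or arguments"
    if ip != ipaddress.IPv4Address(control_peer_ip):
        return "500 Illegal PORT command"
    return "200 PORT command successful"

def nat_rewrite(port_arg, inside_ip, outside_ip):
    """What stateful FTP inspection does: swap the inside address for the mapped one."""
    ip, port = parse_port(port_arg)
    if ip == ipaddress.IPv4Address(inside_ip):
        ip = ipaddress.IPv4Address(outside_ip)
    return format_port(ip, port)

if __name__ == "__main__":
    # Constructed sample: client 192.168.1.10 is seen by the server as 203.0.113.5.
    inside, outside = "192.168.1.10", "203.0.113.5"
    raw = "192,168,1,10,195,80"          # port 195*256 + 80 = 50000
    print("as sent by client :", raw, "->", server_reply(outside, raw))
    fixed = nat_rewrite(raw, inside, outside)
    print("after FTP helper  :", fixed, "->", server_reply(outside, fixed))
```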