RE: [WS_FTP Forum] Double nat problems

[Seth Berger]

Thank you >>> [EMAIL PROTECTED] 08/25/03 09:40AM >>> Yes, but you may not like it very much. 1.) If using WS_FTP Server 4.01 set the options in "Firewall" to use your external IP address.  Likely is that a PASV connection is attempted and the client is attempting to connect to your private address space, not your global address space.  If that does not work... then here's the only fix I know: 2.) Put two NIC's in your WS_FTP Server.  One NIC goes to your internal network.  The other NIC goes to your external network and has your public address on it.  Configure WS_FTP Server to use the external address, and set the port range from 1024-5000.  Set your default gateway on the external interface to be whatever your external gateway is (border router?).  DO NOT SET the default gateway on your internal NIC, instead use a persistent route statement for just your internal subnets. (E.G., if your internal address space is all in the 192.168.x.x range, you'd add (from and command prompt) ROUTE -p ADD 192.168.0.0 255.255.0.0 <gateway_ip address>.  Finally, implement Access Lists on your external router to throw away inbound traffic destined for the external interface of the FTP server.  You'll want to allow TCP & UDP ports 20,21 and the range from 1024-5000.  Throw everything else away. good luck. Pete -----Original Message----- From: Seth Berger [mailto:[EMAIL PROTECTED] Sent: Monday, August 25, 2003 8:31 AM To: [EMAIL PROTECTED] Subject: [WS_FTP Forum] Double nat problems I am running my ftp server internal, with an internal address of 192.168.x.x, and my external (internet) address 206.245.157.x.  I have a client that is trying to connect via the internet to my internal server, and they are running an internal address through a Checkpoint FW, and can't get data connection.  We are using SSL with a Verisign certificate.  I tried from my house over DSL, and through a linksys router from my NAt'd internal address, and it worked fine. Anyone have any suggestions? Client V8 Server v4.01 Thanks Seth Berger National Penn Bank Information Technology, Network Support (610)369-6623 http://www.realmed.com/legal/confidential.htm Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. ................................................................... This message is intended only for the use of the individual or entity to which it is addressed and may contain information that is privileged, confidential, and exempt from disclosure under applicable law. If the reader of this message is not the intended recipient you are hereby notified that any dissemination, distribution, or copying of this communication is strictly prohibited.