Passive FTP Problem in NAT.

Svavar Örn Eysteinsson svavar at prmail.atom01.is
Wed Sep 15 16:51:03 CEST 2004


Hi.

Could someone help me or give me advice regarding NAT on an FTP server located
in my DMZ.

This is my setup :

My Firewall(Linux 2.4.22-1) :
|
- eth0 = Public Interface (x.x.x.66 / 26 )
|
- eth1 = DMZ Interface (172.16.100.254 / 24 )
|
- eth2 = My Internal Network ( 192.168.1.1 / 24 )


I have an FTP server located on my DMZ network. The server is listening
on a "non-standard" FTP port: it listens on port 2121.

To generate my firewall config I use FwBuilder. I've tried many configurations,
but I never get the data port to open (e.g. to list a directory).

In my configuration I've allowed, and NAT'ed the following services
to my FTP server located on the DMZ  :

FTP 		= 	TCP Destination Port : Start : 2121 - End : 2121
FTP_DATA	=	TCP Source Port : Start : 20 - End : 20
			        Destination : Start : 1024 - End : 65535

I can connect, but cannot list the directories.

p.s. I'm running Proftpd on my FTP server. I have also tried to configure
"PassivePorts= 60000 65534" to configure a group of passive ports,
but it's the same issue with the directory listing.

Any help would be much appreciated.


Best regards to all, 

Svavar O
Reykjavik - Iceland
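The ruleset below is an added example for readers of this thread; it is not part of the original message and is not FwBuilder's generated output. It shows the piece a NAT'ed FTP server on a non-standard control port typically needs on a 2.4 netfilter box: the ip_conntrack_ftp / ip_nat_ftp helpers loaded with the ports= parameter so they inspect the control channel on 2121, plus DNAT and FORWARD rules for the control port, the fixed PassivePorts range, and active-mode data from port 20. The interface names, DMZ subnet and passive range are taken from the post; PUBLIC_IP and FTP_SERVER are placeholders (the post redacts the public address as x.x.x.66 and never gives the server's DMZ address). The script prints the commands by default and only executes them when run with --apply.

```shell
#!/bin/sh
# Added example, not from the original post or from FwBuilder: iptables rules
# for a ProFTPD server in the DMZ listening on TCP 2121, written for a 2.4
# kernel with the ip_conntrack_ftp / ip_nat_ftp helpers.
# eth0/eth1, 172.16.100.0/24 and the passive range 60000-65534 come from the
# post. PUBLIC_IP and FTP_SERVER are assumptions: the post redacts the public
# address as x.x.x.66 and never states the server's own DMZ address.

PUBLIC_IP="${PUBLIC_IP:-203.0.113.66}"      # assumed; RFC 5737 documentation address
FTP_SERVER="${FTP_SERVER:-172.16.100.10}"   # assumed host on the DMZ 172.16.100.0/24
FTP_PORT=2121
PASV_LO=60000
PASV_HI=65534
DMZ_NET="172.16.100.0/24"

# Print each command unless --apply was given, in which case execute it.
run() { if [ "$APPLY" = 1 ]; then "$@"; else echo "$*"; fi; }

# The conntrack FTP helper only parses control connections on port 21 unless
# told otherwise. With the server on 2121 the PASV/PORT payload is never
# inspected, the data connection is never marked RELATED, and the symptom is
# exactly "can connect, cannot list". (On 2.6+/nf_conntrack kernels the modules
# are nf_conntrack_ftp and nf_nat_ftp and take the same ports= parameter.)
load_helpers() {
    run modprobe ip_conntrack_ftp ports=21,$FTP_PORT
    run modprobe ip_nat_ftp ports=21,$FTP_PORT
}

ftp_rules() {
    # Control channel: public 2121 -> DMZ server 2121.
    run iptables -t nat -A PREROUTING -i eth0 -d "$PUBLIC_IP" -p tcp --dport $FTP_PORT \
        -j DNAT --to-destination "$FTP_SERVER:$FTP_PORT"
    run iptables -A FORWARD -i eth0 -o eth1 -d "$FTP_SERVER" -p tcp --dport $FTP_PORT \
        -m state --state NEW -j ACCEPT

    # Passive data channel: once the helper is loaded it DNATs the expected
    # connection by itself; the fixed PassivePorts range is mapped explicitly as
    # well so listings keep working if the helper is not loaded.
    run iptables -t nat -A PREROUTING -i eth0 -d "$PUBLIC_IP" -p tcp --dport $PASV_LO:$PASV_HI \
        -j DNAT --to-destination "$FTP_SERVER"
    run iptables -A FORWARD -i eth0 -o eth1 -d "$FTP_SERVER" -p tcp --dport $PASV_LO:$PASV_HI \
        -m state --state NEW -j ACCEPT

    # Active mode: the server opens port 20 -> client ephemeral port. The helper
    # marks it RELATED; this explicit rule covers the same case without it.
    run iptables -A FORWARD -i eth1 -o eth0 -s "$FTP_SERVER" -p tcp --sport 20 --dport 1024:65535 \
        -m state --state NEW -j ACCEPT

    # Everything the helper has tied to an existing FTP session.
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT

    # DMZ hosts leave through the public address, so active-mode data
    # connections from the server reach the client with PUBLIC_IP as source.
    run iptables -t nat -A POSTROUTING -o eth0 -s "$DMZ_NET" -j SNAT --to-source "$PUBLIC_IP"
}

if [ "$1" = "--apply" ]; then APPLY=1; fi
load_helpers
ftp_rules
```

Run it once without arguments and check the printed commands against the FwBuilder output; the line to look for first is the modprobe of ip_conntrack_ftp with ports=21,2121, because without it every other rule is correct and the listing still hangs. The explicit DNAT of 60000-65534 is a fallback only: with the NAT helper loaded, the 227 reply is rewritten to the public address and the data connection is expected and mapped without any static rule.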


