Topic: passive FTP connection from LAN  (Read 3823 times)
« on: November 16, 2009, 14:47:03 »
opaque *
Posts: 9

Hello

I've set up my FTP server (192.168.3.2), which is in a DMZ (192.168.3.1), to be reachable from the WAN.
I added some lines in my /etc/vsftpd/vsftpd.conf:

Code:
pasv_address=mydomain.net
pasv_addr_resolve=YES
pasv_min_port=30001
pasv_max_port=30101

Further, I've added 1 WAN rule in m0n0wall:

Code:
TCP * * 192.168.3.2 30001 - 30101 NAT FTP high ports

and 1 NAT Line:

Code:
WAN TCP 30001 - 30101 192.168.3.2 30001 - 30101 FTP high ports

Now FTP passive mode works fine from outside (WAN) but not from the LAN (192.168.2.x), because the FTP server sends back its external IP address.

How can I solve this issue?

LAN to DMZ (http, mail, ...) works fine after I added all the domains and hosts in the DNS forwarder section. (I hope there will soon be another solution [LAN -> WAN -> DMZ].)

 thx in advance
opaque
« Reply #1 on: November 16, 2009, 19:57:27 »
knightmb ****
Posts: 341

On the internal LAN, passive FTP is not necessary because there is no firewall in the way (assuming?). Change your client to use active FTP and the problem will be solved. Passive FTP came about years ago as a way to work through NAT firewalls.

Radius Service for m0n0wall Captive Portal - http://amaranthinetech.com
« Reply #2 on: November 17, 2009, 07:46:38 »
opaque *
Posts: 9

Won't work with active mode.

Here is the log from my FTP Client (Transmit MacOS X):

Code:
Transmit 3.6.5 Sitzungsmitschrift
LibNcFTP 3.2.1 (August 13, 2007) compiled for UNIX
Uname: Darwin|MacPro.local|10.0.0|Darwin Kernel Version 10.0.0: Fri Jul 31 22:47:34 PDT 2009; root:xnu-1456.1.25~1/RELEASE_I386|i386
220: Welcome to my FTP service.
Connected to 192.168.3.2.
Cmd: USER ftpuser
331: Please specify the password.
Cmd: PASS xxxxxxxx
230: Login successful.
Cmd: TYPE A
200: Switching to ASCII mode.
Logged in to 192.168.3.2 as ftpuser.
Cmd: SYST
215: UNIX Type: L8
Cmd: PWD
257: "/"
Cmd: CWD /
250: Directory successfully changed.
Cmd: PWD
257: "/"
Cmd: PORT 192,168,2,2,241,181
200: PORT command successful. Consider using PASV.
Cmd: LIST -a
425: Failed to establish connection.
Cmd: NOOP
200: NOOP ok.
Falling back to PASV instead of PORT mode.
Cmd: PASV
227: Entering Passive Mode (xxx,xxx,xxx,xxx,117,52)
Cmd: PASV
227: Entering Passive Mode (xxx,xxx,xxx,xxx,117,79)
connect failed: Connection refused.

Regards, opaque
« Reply #3 on: November 19, 2009, 13:57:17 »
opaque *
Posts: 9

I've tried another FTP client (Cyberduck) instead of Transmit, and with this FTP client it works. SOLVED!

opaque
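
Added example, not part of the original posts: a small Python decoder for the h1,h2,h3,h4,p1,p2 tuples in the PORT command and 227 replies from the client log in this thread. It checks each passive port against the pasv_min_port/pasv_max_port range from the first post and flags a data address that differs from the control-connection address. The address 203.0.113.10 is a constructed stand-in for the masked xxx,xxx,xxx,xxx value, and the function names are hypothetical.

```python
import re

# Passive port range from the vsftpd.conf lines quoted in the first post.
PASV_MIN, PASV_MAX = 30001, 30101

# Six comma-separated decimal fields: four address octets, two port bytes.
_SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(line):
    """Decode the h1,h2,h3,h4,p1,p2 tuple of a PORT command or 227 reply."""
    m = _SIX.search(line)
    if not m:
        raise ValueError("no host/port tuple in: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in: %r" % line)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # RFC 959: port = p1 * 256 + p2
    return host, port


def check_pasv(reply, control_peer):
    """Return (host, port, findings) for a 227 reply received on a
    control connection to control_peer."""
    host, port = decode_hostport(reply)
    findings = []
    if not PASV_MIN <= port <= PASV_MAX:
        findings.append("port outside pasv_min_port..pasv_max_port")
    if host != control_peer:
        findings.append("data address differs from control peer")
    return host, port, findings


# Constructed samples: the log masks the address, 203.0.113.10 stands in.
SAMPLE_REPLIES = [
    "227: Entering Passive Mode (203,0,113,10,117,52)",
    "227: Entering Passive Mode (203,0,113,10,117,79)",
]
SAMPLE_PORT_CMD = "Cmd: PORT 192,168,2,2,241,181"

if __name__ == "__main__":
    # Address and port the server has to connect back to in active mode.
    print("PORT ->", decode_hostport(SAMPLE_PORT_CMD))
    # Control connection in the log goes to 192.168.3.2.
    for reply in SAMPLE_REPLIES:
        print(check_pasv(reply, "192.168.3.2"))
```

Both passive ports from the log decode to values inside the configured range, so the only finding is the address mismatch between the control connection (192.168.3.2) and the advertised data address.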
 