Firewall/NAT

hi all,

i am using a ftp server for a couple of years now, a couple of days ago i switched to another ISP and to monowall.

My problem is that i can access my ftp externally with my webbrowser but after autentication i get nothing. I'm pretty sure i set it up correct because i can authenticate to my ftp server and enter my user and password so the ports must me open (internally the ftp server works perfectly)

could this be an ISP problem or is this a monowall bug

with my previous router and ISP it worked like a charm, i didn't change anything to my ftp server

thanks in advance

The fact that you can authenticate means that the connection to the server's control port (TCP port 21) is working. But this does not mean that the communication with the data port will work.

Problems of the type you are having almost always involve difficulties with NAT.

You might want to read up on passive vs active ftp and see how NAT can and will interfere with this.

http://slacksite.com/other/ftp.html

Some ftp servers require port 20 to be open too. Which ftp server are you using?

problem resolved i mapped all ports higher than 1024 and it worked.

but it's not so safe to have that many ports open, but at least i know what the problem is. now i need to figure out what ports can be closed.

i am using proftpd on fedora 10

thanks for your answers it did help me alot

If you are using passive ftp mode, there is port range you can select. Im using typsoft ftp and when i select passive ftp mode, it lets me select port range to use for example 5000-10000. If you use active ftp mode, there is no reason to have any other ports open beside 21 (and maybe 20 too)

Not an answer to your specific problem, but have you considered using sftp instead? It's a lot more secure, it's likely already installed on your Fedora, and you won't have these port problems. There are free Windows sftp clients out there too.