General Questions

Well, here we go... I'm a newbie and not even sure how to ask the question correctly, but I'll try. 

We are trying to configure the m0n0wall to allow FTP on port 21 and it has to allow passive mode.  We have clients who use Windows XP's "Windows Explorer" and active just will not cut it. 


Proto: tcp/udp
Source = any
port = any
destination (public IP)
port = 21

The problem is passive mode and explorer need a whole range of ports.. any suggestions?

- we are using the firewall IP as the gateway
- we have a half of a class C we are using /25

Add something like this rule below. Searching MS Support for Passive FTP I found a KB telling you exactly how to set the registry to use a specific set of high ports for the connection. This KB applies to IE, http://support.microsoft.com/kb/309816/en-us and here is the server instructions, http://support.microsoft.com/kb/810639/en-us

- <rule>
  <external-address>X.X.X.X</external-address>
  <protocol>tcp</protocol>
  <external-port>5500-7500</external-port>
  <target> internal ftp alias or IP address </target>
  <local-port>5500</local-port>
  <interface>wan</interface>
  <descr>Passive ftp</descr>
  </rule>

Change the port range to suit your needs.

Dave