Date: Fri, 12 Apr 2002 08:43:53 +0000 (GMT)
From: "Forrest W. Christian"
To: Leif Neland
Cc: Tom Wiebe
Subject: Re: Bind and FTP Behind NAT??

Oh, missed ftp in the original response.

Depending on the NAT implementation, you may find that only passive or only non-passive transfers work depending on the nat implementation.

For connections originating on the private side, passive is required if the nat box doesn't do anything special as far as address/port rewriting in the ftp protocol itself.

For connections originating from the internet, passive will generally not work but non-passive will under the set of conditions above.

Be aware that some nat boxes only rewrite ftp in one direction. Thus, you might find that passive is required in both directions, or non-passive is required in both directions. Or that it just works.

In short, if you have ftp transfer problems, have the user swap his passive/non-passive ftp setting and try again.

You may also have to play with port 20 firewall/nat settings. In some cases, having 20 punched through is good, in others it is bad. Depends on the nat implementation.

FYI, in non-passive (port) mode, the connection for the data transfers is made from the server to the client. In pasv mode, the connection is from the client to the server. NAT has to get involved to make both work through a firewall.

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
The Innovation Machine Ltd.              P.O. Box 5749
http://www.imach.com/                    Helena, MT 59604
Home of PacketFlux Technogies and BackupDNS.com         (406)-442-6648
----------------------------------------------------------------------
      Protect your personal freedoms - visit http://www.lp.org/
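
The "address/port rewriting in the ftp protocol itself" mentioned in the message above, sketched as an added example (not part of the original post and not any particular NAT product's code). The function names, the `alloc_port` callback and all addresses are assumptions made for illustration; the `h1,h2,h3,h4,p1,p2` encoding is the one FTP uses in `PORT` commands and `227` replies.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried in PORT commands and 227 (PASV) replies, RFC 959.
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def decode_hostport(text):
    """Return ((ip, port), match) for the first host-port group, or None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    return (".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]), m


def encode_hostport(ip, port):
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


def rewrite(line, inside_net, public_ip, alloc_port):
    """Rewrite one control-channel line as an FTP-aware NAT would.

    alloc_port(ip, port) is a hypothetical callback that reserves a public
    port forwarded to the inside endpoint. Returns (line, mapping or None).
    """
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return line, None
    decoded = decode_hostport(line)
    if decoded is None:
        return line, None
    (ip, port), m = decoded
    if ipaddress.ip_address(ip) not in ipaddress.ip_network(inside_net):
        return line, None  # already a routable address, nothing to translate
    pub_port = alloc_port(ip, port)
    new = line[:m.start()] + encode_hostport(public_ip, pub_port) + line[m.end():]
    return new, ((ip, port), (public_ip, pub_port))


if __name__ == "__main__":
    # Constructed sample lines; all addresses are illustrative.
    for sample in ("PORT 192,168,1,10,19,137",
                   "227 Entering Passive Mode (192,168,1,20,195,80)",
                   "RETR file.txt"):
        print(rewrite(sample, "192.168.1.0/24", "203.0.113.5", lambda i, p: 40000))
```

A box that applies this only to `PORT` lines from inside clients, or only to `227` replies from an inside server, gives the one-direction behaviour the message describes: the unrewritten line still advertises a private address the far end cannot reach.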