From owner-freebsd-isp  Fri Apr 12  7:48:25 2002
Delivered-To: freebsd-isp@freebsd.org
Received: from workhorse.imach.com (barbwire.iMach.com [206.127.77.82])
	by hub.freebsd.org (Postfix) with ESMTP id D603537B404
	for <isp@FreeBSD.ORG>; Fri, 12 Apr 2002 07:48:19 -0700 (PDT)
Received: from localhost (forrestc@localhost)
	by workhorse.imach.com (8.11.6/8.11.6) with ESMTP id g3C8hso25490;
	Fri, 12 Apr 2002 08:43:54 GMT
	(envelope-from forrestc@imach.com)
Date: Fri, 12 Apr 2002 08:43:53 +0000 (GMT)
From: "Forrest W. Christian" <forrestc@imach.com>
To: Leif Neland <leifn@neland.dk>
Cc: Tom Wiebe <twiebe@mac.com>, <isp@FreeBSD.ORG>
Subject: Re: Bind and FTP Behind NAT??
In-Reply-To: <00b801c1e226$643ae320$6d05a8c0@neland.dk>
Message-ID: <20020412083355.H25394-100000@workhorse.imach.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-isp@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-isp.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-isp>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-isp>
X-Loop: FreeBSD.org

Oh missed ftp in the original response.

Depending on the NAT implementation, you may find that only passive or
only non-passive transfers work depending on the nat implementation.

For connections originating on the private side, passive is required if
the nat box doesn't do anything special as far as address/port rewriting
in the ftp protocol itself.

For connections originating from the internet, passive will generally not
work but non-passive will under the set of conditions above.

Be aware that some nat boxes only rewrite ftp in one direction.  Thus, you
might find that passive is required in both directions, or non-passive is
required in both directions.   Or that it just works.

In short, if you have ftp transfer problems, have the user to swap his
passive/non-passive ftp setting and try again.

You may also have to play with port 20 firewall/nat settings.   IN some
cases, having 20 punched through is good, in others it is bad.  Depends on
the nat implementation.

FYI, in non-passive (port) mode, the connection for the data transfers is
made from the server to the client.  In pasv mode, the connection is from
the client to the server.  NAT has to get involved to make both work
through a firewall.

- Forrest W. Christian (forrestc@imach.com) AC7DE
----------------------------------------------------------------------
The Innovation Machine Ltd.                              P.O. Box 5749
http://www.imach.com/                                Helena, MT  59604
Home of PacketFlux Technogies and BackupDNS.com         (406)-442-6648
----------------------------------------------------------------------
      Protect your personal freedoms - visit http://www.lp.org/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message