Date: Fri, 12 Apr 2002 08:43:53 +0000 (GMT) From: "Forrest W. Christian" <forrestc@imach.com> To: Leif Neland <leifn@neland.dk> Cc: Tom Wiebe <twiebe@mac.com>, <isp@FreeBSD.ORG> Subject: Re: Bind and FTP Behind NAT?? Message-ID: <20020412083355.H25394-100000@workhorse.imach.com> In-Reply-To: <00b801c1e226$643ae320$6d05a8c0@neland.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
Oh missed ftp in the original response. Depending on the NAT implementation, you may find that only passive or only non-passive transfers work depending on the nat implementation. For connections originating on the private side, passive is required if the nat box doesn't do anything special as far as address/port rewriting in the ftp protocol itself. For connections originating from the internet, passive will generally not work but non-passive will under the set of conditions above. Be aware that some nat boxes only rewrite ftp in one direction. Thus, you might find that passive is required in both directions, or non-passive is required in both directions. Or that it just works. In short, if you have ftp transfer problems, have the user to swap his passive/non-passive ftp setting and try again. You may also have to play with port 20 firewall/nat settings. IN some cases, having 20 punched through is good, in others it is bad. Depends on the nat implementation. FYI, in non-passive (port) mode, the connection for the data transfers is made from the server to the client. In pasv mode, the connection is from the client to the server. NAT has to get involved to make both work through a firewall. - Forrest W. Christian (forrestc@imach.com) AC7DE ---------------------------------------------------------------------- The Innovation Machine Ltd. P.O. Box 5749 http://www.imach.com/ Helena, MT 59604 Home of PacketFlux Technogies and BackupDNS.com (406)-442-6648 ---------------------------------------------------------------------- Protect your personal freedoms - visit http://www.lp.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020412083355.H25394-100000>