From owner-freebsd-questions@FreeBSD.ORG  Tue Feb  1 09:15:19 2005
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id D754316A4CE
	for <freebsd-questions@freebsd.org>;
	Tue,  1 Feb 2005 09:15:19 +0000 (GMT)
Received: from nagual.st (cc20684-a.assen1.dr.home.nl [217.122.132.217])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2311943D2F
	for <freebsd-questions@freebsd.org>;
	Tue,  1 Feb 2005 09:15:19 +0000 (GMT)	(envelope-from dick@nagual.st)
Received: from localhost (localhost [127.0.0.1])
  (uid 1000)
  by nagual.st with local; Tue, 01 Feb 2005 10:14:29 +0100
Date: Tue, 1 Feb 2005 10:14:28 +0100
To: freebsd-questions <freebsd-questions@freebsd.org>
Message-ID: <20050201091428.GA4689@lothlorien.nagual.st>
References: <41FEBA23.6090808@locolomo.org>
	<BAY103-F14B8FED09595470529EB46C07C0@phx.gbl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
In-Reply-To: <BAY103-F14B8FED09595470529EB46C07C0@phx.gbl>
User-Agent: Mutt/1.4.2.1i
From: Dick Hoogendijk <dick@nagual.st>
Subject: Re: Ftp behind firewall/nat
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 01 Feb 2005 09:15:20 -0000

On 31 Jan eric wyzerski wrote:
> The solution is to explicitly tell your FTP server what to report as its 
> IP address, and give it a range of ports to give out as well.

> unix-server configuration file as follows: passive ports 
> 0.0.0.0/0 32768 49151
> passive address your.pub.IP.addr 0.0.0.0/0
> 
> At the time of writing, it's been reported that Microsoft IIS's FTP
> server is not capable of being configured this way.

> so, my problem exactly this: the client try to connect to 10.1.1.6 and
> not my external IP address. guess what? Im using IIS ftp server (I
> cant use anything else), so does there is a way to resolve this
> problem on doing something on the routeur (ipnat)?

Only "solution" is open all your high incoming ports. You don't want
that of course ;-)

There is NO other way PASS can be handled or redirected. You *need* to
know beforehand which ports exactly will be opened.

Aks microsoft why they won't support this feature. They are moving into
a more secure OS (at least they say they are..)

-- 
dick -- http://nagual.st/ -- PGP/GnuPG key: F86289CE
++ Running FreeBSD 4.11 ++ FreeBSD 5.3
+ Nai tiruvantel ar vayuvantel i Valar tielyanna nu vilja