From owner-freebsd-questions Wed Feb 12 14:48:24 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6219E37B401 for ; Wed, 12 Feb 2003 14:48:22 -0800 (PST) Received: from darkpossum.medill.northwestern.edu (darkpossum.medill.northwestern.edu [129.105.51.23]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5857B43F3F for ; Wed, 12 Feb 2003 14:48:21 -0800 (PST) (envelope-from possum@darkpossum.medill.northwestern.edu) Received: from darkpossum.medill.northwestern.edu (540859c0c3b190fd1ef77d550910ab5c@localhost.medill.northwestern.edu [127.0.0.1]) by darkpossum.medill.northwestern.edu (8.12.6/8.12.6) with ESMTP id h1CMdBjZ003582 for ; Wed, 12 Feb 2003 16:39:11 -0600 (CST) (envelope-from possum@darkpossum.medill.northwestern.edu) Received: (from possum@localhost) by darkpossum.medill.northwestern.edu (8.12.6/8.12.6/Submit) id h1CMdBxC003581 for freebsd-questions@freebsd.org; Wed, 12 Feb 2003 16:39:11 -0600 (CST) Date: Wed, 12 Feb 2003 16:39:11 -0600 From: Redmond Militante To: freebsd-questions@freebsd.org Subject: passive ftp on ipf/ipnat Message-ID: <20030212223911.GE2505@darkpossum> Reply-To: Redmond Militante Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="phCU5ROyZO6kBE05" Content-Disposition: inline User-Agent: Mutt/1.4i X-Sender: redmond@darkpossum.medill.northwestern.edu X-URL: http://darkpossum.medill.northwestern.edu/modules.php?name=Content&pa=showpage&pid=1 X-DSS-PGP-Fingerprint: F9E7 AFEA 0209 B164 7F83 E727 5213 FAFA 1511 7836 X-Favorite-Food: Pizza Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG --phCU5ROyZO6kBE05 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline hi all i had a couple of general questions about ftp serving through an ipf/ipnat gateway. i had set up my gateway box to redirect port 21 to my internal ftp server, i.e., to only allow active ftp sessions. this has been working ok, i've just been telling users to set their ftp clients for 'active' mode, or unselect 'passive' mode. i have run into a weird situation with one particular ftp user. this user is connecting to the ftp server remotely from behind a router that does nat translation for the subnet that this person is on. this is the only thing different between this person and my 30 or so other ftp users who have been successfully connecting using active mode. this person is able successfully log in and connect to the server, but their ftp client immediately gives off an error 425 - unable to establish data connection... when this person ftp's via the command line in win2000, i.e., ftp my.ftpserver.org (they're successfully authenticated at this point) when they try to issue the 'ls' statement, they are given the same 'error 425 - unable to establish data connection'... i've spoken to this person's isp. there are no firewall restrictions on their router. the person can ftp to other servers fine. i'm not quite sure how to proceed troubleshooting this problem - whether or not i should tweak my gateway config to allow for passive ftp, or if i should try to enable transparent proxy support (or both). for the record, i've tried enabling both, and seem to be having trouble. but at this point, i would just like to know what the issue is exactly, so that i can proceed troubleshooting it... any advice would be appreciated, if anyone has dealt with this type of issue before... thanks redmond --phCU5ROyZO6kBE05 Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (FreeBSD) iD8DBQE+Ss0PFNjun16SvHYRAkCEAJ97K5ZxoT4x+UFJea54QFBGmwQkhwCfRQSu tKPhPwmSuDoPNKkY5EXOu0w= =ZsV3 -----END PGP SIGNATURE----- --phCU5ROyZO6kBE05-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message