Subject: Firewall, NAT and FTP
To: None <email@example.com>
From: Arto Huusko <firstname.lastname@example.org>
Date: 07/02/2001 17:21:51
What I'm trying to make work is an active ftp connection from behind
a firewall and NAT to ftp.sunet.se. And yes, the target machine is
important. I have my setup working very well, as it is. And active
FTP connections are working. But not to ftp.sunet.se.
After examining things and stuff for a while, I finally realised what
the trouble is (or what I think it is). Ftp.sunet.se resolves to
220.127.116.11. I set ipf to log blocked packets, and started active
ftp connection to sunet. I logged in anonymous (login works, nothing
after that) and witnessed the following line in ipmon output:
<timestamp> ne1 @0:3 b 18.104.22.168,21 -> <my-ip>,65516 PR tcp len 20 51717 -A IN
So the connection active ftp sends my way comes from different
Is that the actual problem?
And is there any solution to this?
Even if I disable my firewall, I still can't get connections from
NATted addresses. On the other hand, even with the firewall up,
active ftp works from the firewall box always.