FTP Issue for NAT 1:1



  • My configuration:
    Running 1.2-BETA-1 
    enable ftp-proxy at all interface - WAN, DMZ and LAN
    Server A is located at LAN using 1:1 NAT to a public IP address

    Senario
    1. When i try to FTP from Server A to an external FTP Server, I am able to authenticated however unable to put/get file from the server
    2. When i try using a workstation located at the same network however is NAT behind the LAN interface Gateway (without own public address), I am able to access to the external FTP Server.

    This is what I had done:
    1. Create a LAN firewall rule from Server A to External allow TCP any
    Or
    2. Remove the NAT 1:1 for Server A

    then only i am able to access to the external FTP server

    Is there any better solutions rather than option 1 and 2, option 2 is totally out.. I might need to live with option 1 if there isn't better solutions.

    Regards
    Hsiang





  • refering number 2 for Outgoing FTP,

    "If you have a restrictive ruleset (only allowing certain ports) then ensure that you have permitted traffic to 127.0.0.1 / ports 8000-8020"
    Where should i create this rule? at LAN interface?
    ie: any to 127.0.0.1 port TCP 8000-8020 allow



  • On the incoming interface, yes.  Most likely LAN.


Log in to reply