Re: How do I set up Cisco 1600 nat port range for pasv ftp?
comp.security.firewalls archive

From: Brad <bradmbreer@yahoo.com>
Date: Fri Aug 12 2005 - 18:55:31 CEST

> But to support passive ftp (PASV) I need to also accept incoming
> traffic to ports 5500-5700. This is because the ftp server will give
> the ftp client a random node in that range to connect to for data
> transmission.

Not sure how to configure the 1600 to do port forwarding for that range
of ports but that's not your only problem. Not only does the FTP server
pass the client a random port number for the data connection but it
also passes its IP address (the internal address) so the client will be
sending packets to the 192.168.0.2 address. If your FTP server supports
PASV mode you'll need to configure it to use the external IP address of
the NAT'ing machine and not its own private IP address when it
responds to the PASV command.
Received on Thu Sep 29 20:01:49 2005