This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

FTP Server Help

I know this is probably covered 100 time but I cannot find the solution.
I have just set up my ASG220 got the ADSL connection working etc.
BUT I cannot get external access to my internal FTP server

I have set up as follows

1. Network --> Interfaces
           Name            FTP Port
           Type             Ethernet Standard
        Hardware          eth2
        Address            192.168.*.1

2. Definitions --> Networks
        Name            FTP Server
        Type             Host
        Address            192.168.*.3
        Interface        FTP Port

3.Network Security --> NAT --> DNAT/SNAT

          Name                   FTP NAT
         Source                  Any
         Service                 FTP
         Destination            FTP Port
         Mode                    DNAT
         Destination            FTP Server
         Destination Service FTP

         Automatic Packet Filter Rule box ticked

4.Network Security --> NAT --> DNAT/SNAT

          Name                   FTP SNAT
         Source                  FTP Server
         Service                 FTP
         Destination            Any
         Mode                    SNAT
         Source                  FTP Server
         Source Service       FTP

         Automatic Packet Filter Rule box ticked

5. FTP Service is default

6. Packet log is showing

10:45:23 Default DROP TCP 81.137.192.202:41015→81.138.8.196:21 [SYN]len=56ttl=56tos=0x00 srcmac=00:00:00:00:00:00 dstmac=00:00:00:00:00:00
10:45:26 Default DROP TCP 81.137.192.202:41015→81.138.8.196:21 [SYN] len=56ttl=56tos=0x00 srcmac=00:00:00:00:00:00 dstmac=00:00:00:00:00:00

Edited

I have looked in the full packet log and found this

2009:11:26-12:03:29 mactagAstaro2 ulogd[3273]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" seq="0" initf="ppp0" outitf="unknown" dstmac="00:00:00:00:00:00" srcmac="00:00:00:00:00:00" srcip="81.137.192.202" dstip="81.138.8.196" proto="6" length="56" tos="0x00" prec="0x00" ttl="56" srcport="38428" dstport="21" tcpflags="SYN"

Thanks for any help

This thread was automatically locked due to age.

Parents

0 BAlfson over 15 years ago

Roddy, I like Whity's idea about using the new 'Internet' object here as it really clarifies the function and purpose of the rule. In fact, the rule should not apply to traffic inside your network. If you have laptops that are used both inside and outside your network, create a static DNS entry with its FQDN and the internal IP either in the Astaro or your internal DNS.

But, Whity, I'm a little confused by your SNAT recommendation. I'm guessing that you meant that if external access is offered on an additional address (not the case here, as Roddy mentions), you need a SNAT 'FTP Server -> FTP -> Internet : SNAT from Additional Address', or ?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 15 years ago

Roddy, I like Whity's idea about using the new 'Internet' object here as it really clarifies the function and purpose of the rule. In fact, the rule should not apply to traffic inside your network. If you have laptops that are used both inside and outside your network, create a static DNS entry with its FQDN and the internal IP either in the Astaro or your internal DNS.

But, Whity, I'm a little confused by your SNAT recommendation. I'm guessing that you meant that if external access is offered on an additional address (not the case here, as Roddy mentions), you need a SNAT 'FTP Server -> FTP -> Internet : SNAT from Additional Address', or ?

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data