Hi,
I have published several internal FTP server through public external ip mapped on the WAN (external interface). For example:
194.1.1.2/29 is the ip of wan_eth1, 194.1.1.1 is the ip of the router, 194.1.1.3 and 194.1.1.4 are additional address (alias) published on wan_eth1.
There is a DNAT rule to redirect FTP (21) from 194.1.1.3 to and internal ftp private server (for example 192.168.1.100).
I'm able to establish ftp connection to 194.1.1.3 via prompt of dos of a PC client (windows 7); I'm able to make action of put and get files. I can say that FTP - ACTIVE mode works correctly.
If I try to use FIREFOX and write ftp://194.1.1.3 I'm able to arrive to insert username and password but after this action the connection is closed. DATA connection fails. Firefox uses ftp client connection in PASSIVE mode. With Internet Explorer you can decide to set ftp client connection either passive or active according to a flag. The pc where I attempt with firefox (in passive mode) the client connection to the ftp server protected by astaro is not protected by other firewall so my request arrive in passive mode to ASTARO GATEWAY. Is there a way, a proxy or something else, to enable publishing FTP server to permit PASSIVE MODE? Normally client and server negotiate the "data port" because they are dynamically elaborated....is there a mechanism of Astaro to intercept this negotiation and permit only the needed port?
Thank you for your help
This thread was automatically locked due to age.
