Article delegate-en/2767 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Delegate FTP PASV behind NAT
13 Oct 2004 20:23:29 GMT (Yutaka Sato)
The DeleGate Project

On 10/11/04(22:49) you "Deffranne Laurent (DBB)" <>
in <_A2763@delegate-en.ML_>:
 |I am looking to set up a Delegate Proxy on a internal server behind a Firewall & NAT box.
 |Here is my network configuration :
 |Firewall external IP :
 |Delegate Server internal IP :
 |The firewall will transmit all incoming connections to the Internal server without problems.
 |The problem is that delegate delegate is now responding with "227 Entering Passive Mode (,128,66)."
 |on the FTP PASV requests coming from internet.
 |So the internet clients try to connect to the internal adress, without success of course.
 |How can I configure Delegates in such a way that it returns the IP adress on every FTP PASV answer ?
 |I have read about the "SRCIF" parameter, but i am unable to find the rights parameters to use in this case.

I think the following parameter will do it:


Or if your server is to be accessed without the NAT from internal clients
(on .localnet), such clients should be excluded from the mapping like this:


Reading your question, I thought it should be done with "ftp-data-pasv",
but it does not work because it tries to bind a socket to the specified,
non-local interface, and fails.  Then I'm reminded with "tcpbound".
I'm not so sure but this is the reason why I introduced "tcpbound" in
DeleGate/8.5.6 (and I noticed "tcpbound" is not expressed in Manual.htm...)

8.5.6 030628 inets.c: introduced SRCIF=tcpbound for FTP PASV (on SSL) behind NAT

  D G   Yutaka Sato <>
 ( - )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]