Article delegate-en/4625 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
[Reference:<_A4623@delegate-en.ML_>]
Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Delegate 9.9.5: how to give public IP in PASV response?
09 Nov 2009 23:57:31 GMT feedback@delegate.org (Yutaka Sato)
The DeleGate Project


Hi,

In message <_A4623@delegate-en.ML_> on 11/10/09(00:25:04)
you "HD Sorgenia | Andrea `Zuse' Balestrero" <pkyiqbdyi-dyd2yvexqdxr.ml@ml.delegate.org> wrote:
 |----------------------------
 |[FTPS session, passive mode]
 |Command:	PASV
 |Response:	227 Entering Passive Mode (192,168,250,21,117,48).
 |----------------------------
 |
 |Port 117*256+48 = 30000 is the correct port number, set by using
 |command SRCIF="*:30000-30050:ftp-data" .
 |
 |But the IP address in PASV response is our Delegate private address,
 |behind static NAT.
 |
 |We'd like to respond with the correct IP address (public, that is
 |the IP reachable from clients on the Internet).

Adding a SRCIF with "tcpbound" as follows will do mapping the address
of the port after it is bound.

  SRCIF="123.123.123.123:-:tcpbound"


 |In FTPS our firewall is unable to make any translation inside the
 |protocol (in packet payload).

If your client can use EPSV instead of PASV, it can do it.

Cheers,
Yutaka
--
  9 9   Yutaka Sato <y.sato@delegate.org> http://delegate.org/y.sato/
 ( ~ )  National Institute of Advanced Industrial Science and Technology
_<   >_ 1-1-4 Umezono, Tsukuba, Ibaraki, 305-8568 Japan
Do the more with the less -- B. Fuller

  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V