[aklug] Re: active ftp (behind a NAT)

From: Arthur Corliss <acorliss@nevaeh-linux.org>
Date: Tue Jun 19 2012 - 08:21:20 AKDT

On Tue, 19 Jun 2012, Christopher Howard wrote:

> Hey guys, as I mentioned before I wanted to set up a public FTP
> server, and I ended up using vsftpd. However, my server is on my local
> network, behind my modem NAT, and I use port forwarding to get in
> ports 20 and 21. From outside my network, I can connect to it using
> passive ftp, but not with active ftp. Is that good enough, or is it
> necessary to provide active ftp services as well? To be honest, I'm
> not sure how to set that up -- presumably I would need to add an
> additional range of ports in the port forwarding configuration, and
> then configure vsftpd to use only those ports, right?

At this stage there's not only a large # of clients that support passive
FTP, there's probably a good number that do that by default. It's
definitely good enough. In order to support active FTP you need an ALG to
be loaded, in this case it's nf_nat_ftp and nf_conntrack_ftp. And the
obligatory RELATED rule in your firewall, of course.

         --Arthur Corliss
           Live Free or Die
Received on Tue Jun 19 08:21:30 2012
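
Added example (not part of the original message, and not the poster's own configuration): the steps named in the reply, written out for a Linux netfilter firewall managed with iptables, plus two checks for auditing an existing box. The function names, the chain argument and control port 21 are assumptions; the explicit CT helper rule is for kernels where automatic conntrack helper assignment is disabled.

```shell
#!/bin/sh
# Added example. Assumes iptables on the Linux host that filters/NATs the
# FTP traffic, with the FTP control channel on TCP port 21.

# Print the setup commands for review; nothing is executed here.
# $1 = chain carrying the FTP traffic: FORWARD on a NAT router,
#      INPUT when vsftpd runs on the firewall host itself.
ftp_alg_commands() {
    chain="${1:-FORWARD}"
    cat <<EOF
modprobe nf_conntrack_ftp
modprobe nf_nat_ftp
iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
iptables -A $chain -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A $chain -p tcp --dport 21 -m conntrack --ctstate NEW -j ACCEPT
EOF
}

# List which ALG modules are absent from a /proc/modules-style file.
# $1 = file to read (default /proc/modules). Helpers compiled into the
# kernel never appear there, so "missing" means "not loaded as a module".
alg_modules_missing() {
    list="${1:-/proc/modules}"
    for m in nf_conntrack_ftp nf_nat_ftp; do
        grep -q "^$m " "$list" || echo "$m"
    done
}

# Check a saved rule dump (iptables-save or iptables -S output) for an
# ACCEPT rule matching RELATED connections, in either the conntrack
# (--ctstate) or the older state (--state) match syntax.
# Returns 0 when such a rule exists, 1 otherwise.
has_related_rule() {
    grep -Eq -- '--(ctstate|state) [A-Z,]*RELATED[A-Z,]* -j ACCEPT' "$1"
}
```

Without the RELATED rule the helper still tracks the control channel, but the data connections it expects are dropped by a default-deny policy.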