Earl wrote:
> We are having an issue with our FTP site, which is located behind a
> BorderManager firewall using NAT.
>
> A few users, but certainly not all users, receive this error when trying
> to access our FTP server.
>
> Error: Connection timed out
> Error: Failed to retrieve directory listing
>
> Most users connect just fine. No errors.
>
> I have tried to connect from home to our FTP server. No problem. But,
> if I connect to the FTP server through our Guest DMZ that provides
> internet access to guests in our building via a Cisco Pix, I also get
> the error messages. Strange thing is... when the error occurs, the FTP
> server seems to be answering the FTP commands by providing the PRIVATE
> IP address and not the PUBLIC IP address. Thus, the traffic is dropped
> at the firewall. The FTP server accepts the password and the login
> name, but fails when trying to provide the directory listing of the FTP
> site to the client.
>
> I have Static and Dynamic Mode turned on for NAT.
>
> Any ideas what would cause this?
>
> The FTP server is not the same server as the BorderManager server.
>
>
This is working properly. An FTP server behind NAT should work in
active (PORT) mode only; otherwise it will use the private IP instead of
the public IP. Tid10013814, so configure the FTP server to work only in
PORT mode. Your log file shows that,
and http://www.slacksite.com/other/ftp.html to understand the
differences between both modes.
gonzalo