[Firewall] I really need help to set up PASV port forwarding across NAT

Lonnie Abelbeck lists at lonnie.abelbeck.com
Thu Oct 4 19:14:58 CEST 2012


It appears your cable modem is doing NAT, which is your problem.

Can't you configure your cable modem to be in 'transparent' or 'bridge' mode such that your public IP address appears on your firewall's external interface ?  Then only your firewall (AIF) is doing NAT.

Personally, I have used cable modems for many years, and they all were in 'bridge' mode by default.  Perhaps your cable modem has a WiFi access point built in (hence router mode), personally I would disable that and place my own WiFi access point behind the AIF firewall so you get all of Arno's protection.


On Oct 4, 2012, at 12:01 PM, Eli Wapniarski wrote:

> Hi Arno...
> Thanks for responding...
> What I have is a cable modem.... The firewall is off and all ports (1-65535) are being forwarded to my network. The computer that I am using for a firewall has 2 interfaces. The One that's connected to the cable modem has the IP and is connected to the modem interface which has an IP
> My internal network is with the ftp server at
> Relevant script settings are as follows
> EXT_IF="eth1"
> INT_IF="eth2"
> NAT=1
> NAT_FORWARD_TCP="20,21,60000:65535>
> OPEN_TCP="20 21 60000:65535"
> I really do appreciate your assistance with this.
> Eli
> On Thursday 04 October 2012 14:00:40 Arno van Amersfoort wrote:
>> We really need some more details on what you're trying to do before we
>> can help you. Standard FTP PASV support should work out of the box with
>> AIF....
>> a.
>> On 09/30/2012 08:01 AM, Eli Wapniarski wrote:
>>> Sorry about sending this again.... I had a problem with my mail security.
>>> Would somebody be kind enough to lend me a hand setting up PASV port
>>> forwarding across NAT. I believe that I have the firewall setup correctly
>>> but I still can't get it to work.
>>> Thanks
>>> Eli

More information about the Firewall mailing list