[Firewall] I really need help to set up PASV port forwarding across NAT

Gustin Johnson gustin at meganerd.ca
Thu Oct 4 19:23:47 CEST 2012


The most recent cable modem that I have was configured for router mode.  I
had to call my ISP to have them enable "bridged mode" as Lonnie suggests.

Otherwise you may need to use a different protocol (sftp will still work
for you in this situation, though I would not have 2 NATs in-line like you
currently have).

On Thu, Oct 4, 2012 at 11:14 AM, Lonnie Abelbeck
<lists at lonnie.abelbeck.com> wrote:

> Eli,
>
> It appears your cable modem is doing NAT, which is your problem.
>
> Can't you configure your cable modem to be in 'transparent' or 'bridge'
> mode such that your public IP address appears on your firewall's external
> interface?  Then only your firewall (AIF) is doing NAT.
>
> Personally, I have used cable modems for many years, and they all were in
> 'bridge' mode by default.  Perhaps your cable modem has a WiFi access point
> built in (hence router mode); personally I would disable that and place my
> own WiFi access point behind the AIF firewall so you get all of Arno's
> protection.
>
> Lonnie
>
>
>
> On Oct 4, 2012, at 12:01 PM, Eli Wapniarski wrote:
>
> > Hi Arno...
> >
> > Thanks for responding...
> >
> >
> > What I have is a cable modem.... The firewall is off and all ports
> > (1-65535) are being forwarded to my network. The computer that I am using
> > for a firewall has 2 interfaces. The one that's connected to the cable
> > modem has the IP 10.0.0.1 and is connected to the modem interface which has
> > an IP 10.0.0.138.
> >
> > My internal network is 192.168.0.1/24 with the ftp server at
> > 192.168.0.221
> >
> > Relevant script settings are as follows
> >
> > EXT_IF="eth1"
> > INT_IF="eth2"
> > NAT=1
> > NAT_FORWARD_TCP="20,21,60000:65535>192.168.0.221"
> > OPEN_TCP="20 21 60000:65535"
> >
> > I really do appreciate your assistance with this.
> >
> > Eli
> >
> > On Thursday 04 October 2012 14:00:40 Arno van Amersfoort wrote:
> >> We really need some more details on what you're trying to do before we
> >> can help you. Standard FTP PASV support should work out of the box with
> >> AIF....
> >>
> >> a.
> >>
> >> On 09/30/2012 08:01 AM, Eli Wapniarski wrote:
> >>> Sorry about sending this again.... I had a problem with my mail
> >>> security.
> >>>
> >>> Would somebody be kind enough to lend me a hand setting up PASV port
> >>> forwarding across NAT. I believe that I have the firewall setup
> >>> correctly but I still can't get it to work.
> >>>
> >>> Thanks
> >>>
> >>> Eli
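Added example, not part of the original thread: one way to see whether the double NAT discussed above is affecting passive FTP is to inspect the address and port in the server's 227 reply as an outside client receives it. The function names, the sample replies and the public address 203.0.113.10 are constructed for illustration; 10.0.0.1, 192.168.0.221 and the 60000:65535 range are taken from the thread.

```python
import ipaddress
import re

# RFC 1918 ranges; an Internet client cannot open a data connection to these.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# 227 reply (RFC 959): six decimal fields h1,h2,h3,h4,p1,p2.
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply; raise ValueError otherwise."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"field above 255 in {reply!r}")
    ip = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
    return ip, fields[4] * 256 + fields[5]

def check_pasv(reply, control_ip, port_range=(60000, 65535)):
    """Reasons a client that reached the server at control_ip cannot use this reply."""
    ip, port = parse_pasv(reply)
    problems = []
    if any(ip in net for net in RFC1918):
        problems.append(f"advertised address {ip} is private, so a NAT hop left it unreachable")
    elif ip != ipaddress.IPv4Address(control_ip):
        problems.append(f"advertised address {ip} differs from control address {control_ip}")
    lo, hi = port_range
    if not lo <= port <= hi:
        problems.append(f"data port {port} is outside the forwarded range {lo}:{hi}")
    return problems

# Constructed sample replies, as an outside client might receive them.
SAMPLES = {
    "server address leaked": "227 Entering Passive Mode (192,168,0,221,234,96)",
    "firewall external address": "227 Entering Passive Mode (10,0,0,1,250,0)",
    "public address, forwarded port": "227 Entering Passive Mode (203,0,113,10,234,96)",
    "public address, unforwarded port": "227 Entering Passive Mode (203,0,113,10,19,137)",
}

if __name__ == "__main__":
    for label, reply in SAMPLES.items():
        print(label, "->", check_pasv(reply, "203.0.113.10") or "ok")
```

An empty list means the client can reach the advertised address and the data port falls inside the range forwarded by NAT_FORWARD_TCP.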