[Firewall] I really need help to set up PASV port forwarding across NAT
gustin at meganerd.ca
Thu Oct 4 19:23:47 CEST 2012
The most recent cable modem that I have was configured for router mode. I
had to call my ISP to have them enable "bridged mode" as Lonnie suggests.
Otherwise you may need to use a different protocol (sftp will still work
for you in this situation, though I would not have 2 NATs in-line like you
On Thu, Oct 4, 2012 at 11:14 AM, Lonnie Abelbeck
<lists at lonnie.abelbeck.com>wrote:
> It appears your cable modem is doing NAT, which is your problem.
> Can't you configure your cable modem to be in 'transparent' or 'bridge'
> mode such that your public IP address appears on your firewall's external
> interface ? Then only your firewall (AIF) is doing NAT.
> Personally, I have used cable modems for many years, and they all were in
> 'bridge' mode by default. Perhaps your cable modem has a WiFi access point
> built in (hence router mode), personally I would disable that and place my
> own WiFi access point behind the AIF firewall so you get all of Arno's
> On Oct 4, 2012, at 12:01 PM, Eli Wapniarski wrote:
> > Hi Arno...
> > Thanks for responding...
> > What I have is a cable modem.... The firewall is off and all ports
> (1-65535) are being forwarded to my network. The computer that I am using
> for a firewall has 2 interfaces. The One that's connected to the cable
> modem has the IP 10.0.0.1 and is connected to the modem interface which has
> an IP 10.0.0.138.
> > My internal network is 192.168.0.1/24 with the ftp server at
> > Relevant script settings are as follows
> > EXT_IF="eth1"
> > INT_IF="eth2"
> > NAT=1
> > NAT_FORWARD_TCP="20,21,60000:65535>192.168.0.221
> > OPEN_TCP="20 21 60000:65535"
> > I really do appreciate your assistance with this.
> > Eli
> > On Thursday 04 October 2012 14:00:40 Arno van Amersfoort wrote:
> >> We really need some more details on what you're trying to do before we
> >> can help you. Standard FTP PASV support should work out of the box with
> >> AIF....
> >> a.
> >> On 09/30/2012 08:01 AM, Eli Wapniarski wrote:
> >>> Sorry about sending this again.... I had a problem with my mail
> >>> Would somebody be kind enough to lend me a hand setting up PASV port
> >>> forwarding across NAT. I believe that I have the firewall setup
> >>> but I still can't get it to work.
> >>> Thanks
> >>> Eli
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> Arno's (Linux IPTABLES Firewall) Homepage:
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Firewall