[Firewall] I really need help to set up PASV port forwarding across NAT

Eli Wapniarski eli at orbsky.homelinux.org
Thu Oct 4 19:31:29 CEST 2012


I cannot enable or disable bridged mode through the web interface...I will see 
if I can access the modem via telnet over the weekend. As for wifi, it has 
been disasbled.

I should be looking into the over the next couple of days... Thanks for your 
assistance on this.

Eli

On Thursday 04 October 2012 12:14:58 Lonnie Abelbeck wrote:
> Eli,
> 
> It appears your cable modem is doing NAT, which is your problem.
> 
> Can't you configure your cable modem to be in 'transparent' or 'bridge' mode
> such that your public IP address appears on your firewall's external
> interface ?  Then only your firewall (AIF) is doing NAT.
> 
> Personally, I have used cable modems for many years, and they all were in
> 'bridge' mode by default.  Perhaps your cable modem has a WiFi access point
> built in (hence router mode), personally I would disable that and place my
> own WiFi access point behind the AIF firewall so you get all of Arno's
> protection.
> 
> Lonnie
> 
> On Oct 4, 2012, at 12:01 PM, Eli Wapniarski wrote:
> > Hi Arno...
> > 
> > Thanks for responding...
> > 
> > 
> > What I have is a cable modem.... The firewall is off and all ports
> > (1-65535) are being forwarded to my network. The computer that I am using
> > for a firewall has 2 interfaces. The One that's connected to the cable
> > modem has the IP 10.0.0.1 and is connected to the modem interface which
> > has an IP 10.0.0.138.
> > 
> > My internal network is 192.168.0.1/24 with the ftp server at 192.168.0.221
> > 
> > Relevant script settings are as follows
> > 
> > EXT_IF="eth1"
> > INT_IF="eth2"
> > NAT=1
> > NAT_FORWARD_TCP="20,21,60000:65535>192.168.0.221
> > OPEN_TCP="20 21 60000:65535"
> > 
> > I really do appreciate your assistance with this.
> > 
> > Eli
> > 
> > On Thursday 04 October 2012 14:00:40 Arno van Amersfoort wrote:
> >> We really need some more details on what you're trying to do before we
> >> can help you. Standard FTP PASV support should work out of the box with
> >> AIF....
> >> 
> >> a.
> >> 
> >> On 09/30/2012 08:01 AM, Eli Wapniarski wrote:
> >>> Sorry about sending this again.... I had a problem with my mail
> >>> security.
> >>> 
> >>> Would somebody be kind enough to lend me a hand setting up PASV port
> >>> forwarding across NAT. I believe that I have the firewall setup
> >>> correctly
> >>> but I still can't get it to work.
> >>> 
> >>> Thanks
> >>> 
> >>> Eli
> 
> _______________________________________________
> Firewall mailing list
> Firewall at rocky.eld.leidenuniv.nl
> http://rocky.eld.leidenuniv.nl/mailman/listinfo/firewall
> Arno's (Linux IPTABLES Firewall) Homepage:
> http://rocky.eld.leidenuniv.nl

-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.



More information about the Firewall mailing list