[Firewall] I really need help to set up PASV port forwarding across NAT

Darrick Hartman dhartman at djhsolutions.com
Thu Oct 4 20:45:15 CEST 2012

Looks like perhaps Comcast? The firmware they use cannot be put into bridge mode. Just set it to use the dmz feature on the modem and disable their included firewall. This works well with ATT Uverse modems as well.

-----Original Message-----
From: Gustin Johnson [gustin at meganerd.ca]
Received: Thursday, 04 Oct 2012, 12:24pm
To: Arno's IPTABLES firewall script [firewall at rocky.eld.leidenuniv.nl]
Subject: Re: [Firewall] I really need help to set up PASV port forwarding across NAT

The most recent cable modem that I have was configured for router mode.  I had to call my ISP to have them enable "bridged mode" as Lonnie suggests.

Otherwise you may need to use a different protocol (sftp will still work for you in this situation, though I would not have 2 NATs in-line like you currently have).

On Thu, Oct 4, 2012 at 11:14 AM, Lonnie Abelbeck <lists at lonnie.abelbeck.com> wrote:

It appears your cable modem is doing NAT, which is your problem.

Can't you configure your cable modem to be in 'transparent' or 'bridge' mode such that your public IP address appears on your firewall's external interface? Then only your firewall (AIF) is doing NAT.

Personally, I have used cable modems for many years, and they all were in 'bridge' mode by default. Perhaps your cable modem has a WiFi access point built in (hence router mode); personally I would disable that and place my own WiFi access point behind the AIF firewall so you get all of Arno's protection.


On Oct 4, 2012, at 12:01 PM, Eli Wapniarski wrote:

> Hi Arno...
> Thanks for responding...
> What I have is a cable modem.... The firewall is off and all ports (1-65535) are being forwarded to my network. The computer that I am using for a firewall has 2 interfaces. The one that's connected to the cable modem has the IP and is connected to the modem interface which has an IP
> My internal network is<> with the ftp server at
> Relevant script settings are as follows
> EXT_IF="eth1"
> INT_IF="eth2"
> NAT=1
> NAT_FORWARD_TCP="20,21,60000:65535>
> OPEN_TCP="20 21 60000:65535"
> I really do appreciate your assistance with this.
> Eli
> On Thursday 04 October 2012 14:00:40 Arno van Amersfoort wrote:
>> We really need some more details on what you're trying to do before we
>> can help you. Standard FTP PASV support should work out of the box with
>> AIF....
>> a.
>> On 09/30/2012 08:01 AM, Eli Wapniarski wrote:
>>> Sorry about sending this again.... I had a problem with my mail security.
>>> Would somebody be kind enough to lend me a hand setting up PASV port
>>> forwarding across NAT. I believe that I have the firewall setup correctly
>>> but I still can't get it to work.
>>> Thanks
>>> Eli
