FTP Users behind NAT

Hi !
Have a little problem witn win 2003 server NAT. All my users are behind NAT
and the problem is when they are trying to log to ftp server outside of
company.
They authenticate to it and when they suppose to receive list of directories
they are dosconected. When using passive FTP it works fine. Anyone knows
some solution ? There is not firewall on server.

Thanks a lot in advance.

Hi,

Michal Fryda wrote:
> They authenticate to it and when they suppose to receive list of
> directories they are dosconected. When using passive FTP it works
> fine.

This is normal. By design, active FTP isn't intended to work with the
client behind NAT; if it ever does, it is only when the NAT routing software
in question specifically looks for FTP control messages passing through,
alters them, and automatically forwards ports.

> Anyone knows some solution ?

Use passive FTP. This is exactly why it was invented.


--
Chris Priede

Well there must be way how to make it use active FTP

"Chris Priede" <(E-Mail Removed)> pí¹e v diskusním pøíspìvku
news:(E-Mail Removed)...
> Hi,
>
> Michal Fryda wrote:
>> They authenticate to it and when they suppose to receive list of
>> directories they are dosconected. When using passive FTP it works
>> fine.
>
> This is normal. By design, active FTP isn't intended to work with the
> client behind NAT; if it ever does, it is only when the NAT routing
> software in question specifically looks for FTP control messages passing
> through, alters them, and automatically forwards ports.
>
>> Anyone knows some solution ?
>
> Use passive FTP. This is exactly why it was invented.
>
>
> --
> Chris Priede
>
>
>
>

And why don't you want to use passive ftp ?

MichalF wrote:
> Well there must be way how to make it use active FTP
>

Well i dont really have problem with that but not all of FTP servers support
passive connections. So thats why i need that . :-(


"Pierrot Robert" <mcthepro_at_hotmail.com> pí¹e v diskusním pøíspìvku
news:(E-Mail Removed)...
> And why don't you want to use passive ftp ?
>
> MichalF wrote:
>> Well there must be way how to make it use active FTP
>>
>
>

Hi,

MichalF wrote:
> Well there must be way how to make it use active FTP

Due to your insistence on not living with just passive FTP, I've looked at
the docs and it would appear that NAT in Windows 2003 RRAS has active FTP
translation support, but you have to enable it with:

netsh routing ip nat add ftp

This is documented here (watch out for long URL wrap):

http://www.microsoft.com/technet/pro...f4e9f04df.mspx

Hope that helps.

--
Chris Priede

"MichalF" <(E-Mail Removed)> wrote in message
news:eqgFV%(E-Mail Removed)...
> Well there must be way how to make it use active FTP

Most likely not.
NAT does have *limitations*
That is why "Passive" was invented.

Passive is the only way I have ever seen it work from behind a NAT Device
--
Phillip Windell [MCP, MVP, CCNA]
www.wandtv.com
-----------------------------------------------------
Understanding the ISA 2004 Access Rule Processing
http://www.isaserver.org/articles/IS...cessRules.html

Microsoft Internet Security & Acceleration Server: Guidance
http://www.microsoft.com/isaserver/t...dance/2004.asp
http://www.microsoft.com/isaserver/t...dance/2000.asp

Microsoft Internet Security & Acceleration Server: Partners
http://www.microsoft.com/isaserver/partners/default.asp
-----------------------------------------------------

This works ! Thanks a lot !

"Chris Priede" <(E-Mail Removed)> pí¹e v diskusním pøíspìvku
news:(E-Mail Removed)...
> Hi,
>
> MichalF wrote:
>> Well there must be way how to make it use active FTP
>
> Due to your insistence on not living with just passive FTP, I've looked at
> the docs and it would appear that NAT in Windows 2003 RRAS has active FTP
> translation support, but you have to enable it with:
>
> netsh routing ip nat add ftp
>
> This is documented here (watch out for long URL wrap):
>
> http://www.microsoft.com/technet/pro...f4e9f04df.mspx
>
> Hope that helps.
>
> --
> Chris Priede
>