I have a very basic question.
I have a NAS behind the firewall and I have to allow LAN computers to access external FTP servers.
I have NATted port 21 and ports 1024-65535 to the internal NAS.
It works. But PCs on the LAN cannot access external FTP servers. I imagine that the problem is with the passive mode.
When the internal PC starts a connection to outside, it chooses a random port which the remote FTP server will use. But at that point, the connection from the remote server back to the client will be erroneously forwarded to the NAS.
The connection towards the remote FTP works only if I disable port forwarding of passive ports.
Any suggestion?
 0   ;;; default configuration
     chain=srcnat action=masquerade out-interface=ether1-gateway log=no log-prefix=""
 1   ;;; admin machine
     chain=dstnat action=dst-nat to-addresses=10.1.0.203 to-ports=22 protocol=tcp in-interface=ether1-gateway dst-port=1234 log=no log-prefix=""
 2   chain=dstnat action=dst-nat to-addresses=10.1.0.100 to-ports=17700-17704 protocol=tcp dst-port=17700-17704 log=no log-prefix=""
 3   chain=dstnat action=dst-nat to-addresses=10.1.0.99 to-ports=4299 protocol=tcp dst-port=4299 log=no log-prefix=""
 4   chain=dstnat action=dst-nat to-addresses=10.1.0.99 to-ports=47 protocol=tcp in-interface=ether1-gateway dst-port=47 log=no log-prefix=""
 5   chain=dstnat action=dst-nat to-addresses=10.1.0.99 protocol=tcp dst-address-type=local in-interface=ether1-gateway dst-port=21 log=no log-prefix=""
 6 X chain=dstnat action=dst-nat to-addresses=10.1.0.99 to-ports=20 protocol=tcp in-interface=ether1-gateway dst-port=20 log=no log-prefix=""
 7   chain=dstnat action=dst-nat to-addresses=10.1.0.99 to-ports=1024-65535 protocol=tcp dst-port=1024-65535 log=no log-prefix=""
 8 X ;;; raspberry
     chain=dstnat action=dst-nat to-addresses=10.1.0.14 to-ports=22 protocol=tcp in-interface=ether1-gateway dst-port=1014 log=no log-prefix=""
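
A dstnat rule with no in-interface or dst-address matcher applies to packets arriving on any interface, so it also rewrites connections that LAN clients open toward external servers. The Python audit below is an added example, not part of the original post: it parses a constructed copy of the listing above (log options trimmed, rules 4 and 8 omitted) and reports the enabled dstnat rules that lack such a matcher; the function names are hypothetical.

```python
import re

# Constructed copy of the listing posted above (log=/log-prefix= trimmed).
LISTING = """\
0 ;;; default configuration
chain=srcnat action=masquerade out-interface=ether1-gateway
1 ;;; admin machine
chain=dstnat action=dst-nat to-addresses=10.1.0.203 to-ports=22 protocol=tcp in-interface=ether1-gateway dst-port=1234
2 chain=dstnat action=dst-nat to-addresses=10.1.0.100 to-ports=17700-17704 protocol=tcp dst-port=17700-17704
3 chain=dstnat action=dst-nat to-addresses=10.1.0.99 to-ports=4299 protocol=tcp dst-port=4299
5 chain=dstnat action=dst-nat to-addresses=10.1.0.99 protocol=tcp dst-address-type=local in-interface=ether1-gateway dst-port=21
6 X chain=dstnat action=dst-nat to-addresses=10.1.0.99 to-ports=20 protocol=tcp in-interface=ether1-gateway dst-port=20
7 chain=dstnat action=dst-nat to-addresses=10.1.0.99 to-ports=1024-65535 protocol=tcp dst-port=1024-65535
"""

# Matchers that tie a dstnat rule to the WAN side or to the router's own address.
SCOPING = {"in-interface", "in-interface-list", "dst-address", "dst-address-type", "dst-address-list"}

def parse_rules(text):
    """Parse print-style output; a ';;; comment' header may precede the property line."""
    rules, current = [], None
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(X\s+)?(.*)", line)
        if m and (m.group(3).startswith(";;;") or "chain=" in m.group(3)):
            current = {"id": int(m.group(1)), "disabled": bool(m.group(2)), "props": {}}
            rules.append(current)
            line = m.group(3)
        if current is not None and not line.lstrip().startswith(";;;"):
            current["props"].update(kv.split("=", 1) for kv in line.split() if "=" in kv)
    return rules

def port_span(spec):
    """Count ports in a dst-port value such as '21', '20-21' or '21,1024-65535'."""
    total = 0
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        total += int(hi or lo) - int(lo) + 1
    return total

def unscoped_dstnat(rules):
    """Enabled dstnat rules with no WAN-side matcher, widest port range first."""
    hits = [(r["id"], r["props"].get("dst-port", "0-65535")) for r in rules
            if not r["disabled"] and r["props"].get("chain") == "dstnat"
            and SCOPING.isdisjoint(r["props"])]
    return sorted(hits, key=lambda h: port_span(h[1]), reverse=True)

if __name__ == "__main__":
    for rule_id, ports in unscoped_dstnat(parse_rules(LISTING)):
        print(f"rule {rule_id}: dst-port={ports} matches LAN-originated traffic too ({port_span(ports)} ports)")
```

Rule 7 comes out first because its dst-port range covers every port a passive-mode data connection can use; adding in-interface=ether1-gateway, the matcher rules 1 and 5 already carry, limits it to connections arriving from outside.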