Pix 506 and PASV FTP

[lostandfound]

I am trying to set up an FTP server behind a PIX 506 firewall. The problem I am having is that I cannot connect to the server from the outside in PASV mode. If I disable PASV mode on the client side, no problem, but I need to be able to allow users to connect in PASV mode for reasons to laborious to list here. In my config file I have a "fixup protocol ftp 21" line and my FTP server IPs have ACL lines to allow FTP and FTP-data flow.

Does anyone know if there is a line I need to add to my config file in the PIX to allow the PASV mode.

Thank you,

Jon Ryan
renterpr@bellsouth.net

 

[yizhar]

HI.

The problem might be in a firewall/proxy(transparent?)/nat device on the client side or along the path, so try to connect a similar client directly to the pix or using dial-up account and different ISP.

Are you using port 21 or other for your FTP server?

Use syslog messages - do you see any related attempts blocked by the pix?

Use the command:

debug ftp

To see what is going behind the scenes.

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar