"Joe Wong" <joewong@mango.cc> wrote in message
news:exdk3WH0EHA.2572@tk2msftngp13.phx.gbl...
> Thanks for the info. By the way, I tried other FTP server like win_ftp,
> guildftp and titan.. they all give the option to configure the IP address
> in
> PASV response.

"Joe Wong" <joewong@mango.cc> wrote in message
news:OIpw2NrzEHA.1264@TK2MSFTNGP12.phx.gbl...
> Hello,
>
> I am running IIS 5 FTP behind a firewall with NAT. The server has only
one
> NIC which is bind to a 192.168 internal IP. Is it possible to configure
IIS
> to reply a public IP address ( which is the one mapped for public access )
> in passive mode?
>
> Best regards,
>
> - Joe
>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.798 / Virus Database: 542 - Release Date: 2004/11/18
>
>

> This shouldn't be a concern, as NAT device if configured properly will
route
> the traffic correctly.
> The reason you seeing private IP address is by design behavior.
>
> --
> Regards,
> Bernard Cheah
> http://www.tryiis.com/
> http://support.microsoft.com/
> http://www.msmvps.com/bernard/
>
>
>
> "Joe Wong" <joewong@mango.cc> wrote in message
> news:OIpw2NrzEHA.1264@TK2MSFTNGP12.phx.gbl...
> > Hello,
> >
> > I am running IIS 5 FTP behind a firewall with NAT. The server has only
> one
> > NIC which is bind to a 192.168 internal IP. Is it possible to configure
> IIS
> > to reply a public IP address ( which is the one mapped for public
access )
> > in passive mode?
> >
> > Best regards,
> >
> > - Joe
> >
> >
> >
> > ---
> > Outgoing mail is certified Virus Free.
> > Checked by AVG anti-virus system (http://www.grisoft.com).
> > Version: 6.0.798 / Virus Database: 542 - Release Date: 2004/11/18
> >
> >
>
>

> configure the ip address in pasv response ?

"Joe Wong" <joewong@mango.cc> wrote in message
news:exdk3WH0EHA.2572@tk2msftngp13.phx.gbl...
> Hi Bernard,
>
> Thanks for the info. By the way, I tried other FTP server like win_ftp,
> guildftp and titan.. they all give the option to configure the IP address
in
> PASV response.
>
> Best regards,
>
> - Joe
>
> "Bernard" <qbernard@hotmail.com.discuss> ¦b¶l¥ó
> news:uyXIUaE0EHA.2192@TK2MSFTNGP14.phx.gbl ¤¤¼¶¼g...
> > This shouldn't be a concern, as NAT device if configured properly will
> route
> > the traffic correctly.
> > The reason you seeing private IP address is by design behavior.
> >
> > --
> > Regards,
> > Bernard Cheah
> > http://www.tryiis.com/
> > http://support.microsoft.com/
> > http://www.msmvps.com/bernard/
> >
> >
> >
> > "Joe Wong" <joewong@mango.cc> wrote in message
> > news:OIpw2NrzEHA.1264@TK2MSFTNGP12.phx.gbl...
> > > Hello,
> > >
> > > I am running IIS 5 FTP behind a firewall with NAT. The server has
only
> > one
> > > NIC which is bind to a 192.168 internal IP. Is it possible to
configure
> > IIS
> > > to reply a public IP address ( which is the one mapped for public
> access )
> > > in passive mode?
> > >
> > > Best regards,
> > >
> > > - Joe
> > >
> > >
> > >
> > > ---
> > > Outgoing mail is certified Virus Free.
> > > Checked by AVG anti-virus system (http://www.grisoft.com).
> > > Version: 6.0.798 / Virus Database: 542 - Release Date: 2004/11/18
> > >
> > >
> >
> >
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.798 / Virus Database: 542 - Release Date: 2004/11/18
>
>

> "Joe Wong" <joewong@mango.cc> wrote in message
> news:exdk3WH0EHA.2572@tk2msftngp13.phx.gbl...
> > Thanks for the info. By the way, I tried other FTP server like win_ftp,
> > guildftp and titan.. they all give the option to configure the IP
address
> > in
> > PASV response.
>
> That a feature is provided, does not make it the best way to achieve a
goal.
>
> Your NAT router is not just translating network addresses - it is also
> translating ports (it should really be called a NAPT router). While you
may
> be able to state accurately what network address externally represents
your
> internal FTP server, it's not always clear how the ports will be
translated.
> At best, a mismatch in ports will lead to transfers timing out and not
> succeeding - at worst, such a mismatch would be able to cause file
transfers
> to the wrong party, perhaps even one that has not authenticated.
>
> In addition, there are other advantages to asking the NAPT device to do
the
> translation for you - for instance, it will allow you to test your server
> internally as well as externally, without having to disable (and then
> remember to re-enable) the IP address translation, and hope that the
change
> of setting didn't interfere with the results of your test.
>
> All NAPT devices are supposed to monitor traffic on port 21 for FTP
commands
> and responses, and to change the IP address and port noted in those
> responses. If your NAPT router is not doing this, you should contact the
> manufacturer for an upgrade to its firmware.
>
> Alun.
> ~~~~
>
>

"Joe Wong" <joewong@mango.cc> wrote in message
news:uxo3jcU0EHA.2228@TK2MSFTNGP15.phx.gbl...
> Thanks for the details, I don't know much about NAT router myself. So, you
> are saying that the NAT router should be able to rewrite the IP
> address/PORT
> in PASV response? If this is so, it acts on data on the application layer?

> "Joe Wong" <joewong@mango.cc> wrote in message
> news:uxo3jcU0EHA.2228@TK2MSFTNGP15.phx.gbl...
> > Thanks for the details, I don't know much about NAT router myself. So,
you
> > are saying that the NAT router should be able to rewrite the IP
> > address/PORT
> > in PASV response? If this is so, it acts on data on the application
layer?
>
> Yes, and yes. Most NAT routers do this "out of the box" - without any
extra
> configuration. Some require updates to the firmware to get this feature
> working properly, and most of them will only do this if you are running
FTP
> at the default port number of 21.
>
> Alun.
> ~~~~
>
>