[CentOS] DNAT rule for vsftp --(PASSIVE FTP)

Fri Oct 5 06:27:31 UTC 2007
John R Pierce <pierce at hogranch.com>

Indunil Jayasooriya wrote:
>
> Hi all,
>
> I want to run vsftp behind a firewall (i.e. DMZ zone). It is running as 
> passive ftp.
>
> the theory behind passive ftp is,
>

except, passive vs active is the choice of the CLIENT, not the server.  the 
only way to properly handle both modes is to parse the FTP commands on 
the control port (21) and setup/teardown port forwards on dynamic ports 
as needed.

if you use the ip_nat_ftp module, this is all taken care of 
automatically and both transfer modes should work, you'll simply need to 
forward the control port.
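
Added example (not part of the original post, and not the ip_nat_ftp module's code): a Python sketch of the control-channel parsing the reply describes, reading the data endpoint out of a `PORT` command or a `227` passive reply and deriving the temporary forward a NAT box in front of a DMZ server would need. The function names and the addresses (192.168.1.10 inside, 203.0.113.5 outside) are assumptions constructed for illustration.

```python
import re

# Six comma-separated numbers, as in "PORT h1,h2,h3,h4,p1,p2" and
# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_data_endpoint(line):
    """Return (mode, ip, port, match) for a control-channel line, or None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"    # client asks the server to connect back to it
    elif text.startswith("227 "):
        mode = "passive"   # server tells the client where to connect
    else:
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None        # malformed octet: do not open anything
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]   # port is sent as two bytes, high first
    return mode, ip, port, m


def rewrite_for_nat(line, inside_ip, outside_ip):
    """Rewrite a 227 reply from the DMZ server; return (new_line, forward).

    forward is (outside_ip, port, inside_ip, port): the temporary DNAT
    mapping for this one data connection, or None if the line needs none.
    """
    parsed = parse_data_endpoint(line)
    if not parsed or parsed[0] != "passive" or parsed[1] != inside_ip:
        return line, None
    _, _, port, m = parsed
    public = "%s,%d,%d" % (outside_ip.replace(".", ","), port // 256, port % 256)
    new_line = line[:m.start()] + public + line[m.end():]
    return new_line, (outside_ip, port, inside_ip, port)


if __name__ == "__main__":
    # Constructed sample reply from a server at 192.168.1.10 behind NAT.
    reply = "227 Entering Passive Mode (192,168,1,10,195,80)\r\n"
    print(rewrite_for_nat(reply, "192.168.1.10", "203.0.113.5"))
```

The forward returned here would be removed again when the data connection closes, which is the setup/teardown on dynamic ports mentioned in the reply.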