Hi Colin,
> DNS seems fine:
>
> [root@server5 etc]# nslookup
>
> > bbc.co.uk
>
> Server: 127.0.0.1
> Address: 127.0.0.1#53
>
> Non-authoritative answer:
> Name: bbc.co.uk
> Address: 212.58.224.138
Ok, so it works in general. But how fast?
Do a "cat /etc/resolv.conf" and you will probably see multiple lines like
this:
nameserver 192.168.2.1
nameserver 192.168.15.1
nameserver 192.168.20.1
Run "nslookup bbc.co.uk <1st nameserver>" to check if the 1st one listed
responds.
Example:
nslookup bbc.co.uk 192.168.2.1
If that works (and works fast) then you can rule out a DNS issue.
In an environment like yours (Firewall in front of things, public IP bound to
the router, then server on private NAT'ed IPs) FTP is a bit tricky in
general. The Firewall needs to have ports 49152-65534 open in order to allow
passive FTP. That's the IANA port range assigned for this. You can also make
that range smaller if you like to (or use different ports), but then you also
have to make sure your Proftpd knows about it and only uses ports from that
smaller range.
On BlueOnyx we do this in this section in proftpd.conf:
<Global>
  AllowOverwrite yes
  <Limit ALL SITE_CHMOD>
    AllowAll
  </Limit>
  # Restrict the range of ports from which the server will select when sent the
  # PASV command from a client. Use IANA-registered ephemeral port range of
  # 49152-65534
  PassivePorts 49152 65534
</Global>
We just added the "PassivePorts 49152 65534" to the existing <Global>
container.
--
With best regards,
Michael Stauber
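
Added example, not part of the message above and not BlueOnyx or ProFTPD code: a small check that decodes a server's 227 PASV reply and compares the advertised port with the PassivePorts range in proftpd.conf, and also flags a private (RFC 1918) address in the reply, which a client outside the NAT cannot reach. The function names, the sample config text and the sample replies are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample modelled on the <Global> section quoted in the message.
SAMPLE_CONF = """\
<Global>
  AllowOverwrite yes
  # PassivePorts 1024 2048   (commented out, must be ignored)
  PassivePorts 49152 65534
</Global>
"""
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def passive_range(conf_text):
    """Return (low, high) from the first active PassivePorts line, or None."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.fullmatch(r"PassivePorts\s+(\d+)\s+(\d+)", line, re.IGNORECASE)
        if m:
            return int(m.group(1)), int(m.group(2))
    return None

def parse_pasv(reply):
    """Decode '227 ... (h1,h2,h3,h4,p1,p2)' into (address, port)."""
    m = re.match(r"227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("field out of range in PASV reply: %r" % reply)
    addr = ipaddress.ip_address(".".join(str(v) for v in n[:4]))
    return addr, n[4] * 256 + n[5]                     # port = p1*256 + p2

def check_pasv(reply, conf_text):
    """List the problems a client outside the firewall would run into."""
    problems = []
    addr, port = parse_pasv(reply)
    rng = passive_range(conf_text)
    if rng is None:
        problems.append("no PassivePorts set; server may pick any port")
    elif not rng[0] <= port <= rng[1]:
        problems.append("port %d outside PassivePorts %d-%d" % (port, *rng))
    if any(addr in net for net in RFC1918):
        problems.append("PASV advertises private address %s" % addr)
    return problems

if __name__ == "__main__":
    # Constructed reply: port is in range, but the address is the NAT'ed one.
    print(check_pasv("227 Entering Passive Mode (192,168,2,10,192,5)", SAMPLE_CONF))
```

The reply line to feed in is the "227 Entering Passive Mode (...)" response shown in an FTP client's debug or verbose log when connecting from outside the firewall.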