HELP! We need passive FTP to work


Subject: HELP! We need passive FTP to work
From: rgp systems (rgp@systame.com)
Date: Sun Oct 08 2000 - 11:44:13 MDT


We've got an internal FTP server running ProFTPD-1.2.0pre10 on YDL Linux
behind a DSL/Cable router firewall. We have many computer-illiterate clients
who connect with passive FTP: 1. AOL users; 2. Netscape users; 3. Users
behind corporate firewalls.

It's my understanding that passive FTP on the client's end tries to initiate
connections on higher ports (not 20, 21) and that the port assignment varies
from system to system, so it's very hard to know which ports to open up.

But, I tested opening ALL ports by making the FTP server a DMZ host (meaning
all ports were forwarded to it from the router) and passive connections
still wouldn't work (actually they could connect, but an 'ls' command failed
with 'network unreachable'). Passive connections work fine if I take out the
router.

So, we need some way for clients to get their files onto our server. If not
via FTP, through some other method (e-mail isn't an option, as many ISPs
limit the size of attachments to a few MB).

I've heard it's pretty dangerous to open up SMB ports to the world. For our
Mac clients we may consider opening afpovertcp with DHX encryption.

Can anyone give advice on how to solve the passive FTP problem or suggest an
alternative method of file xfer? SSH and SCP are out; installation, setup,
and use are just too complicated for non-computer people.

-- 
Randy Perry
rgp systems

Mac Consulting/Sales


