Re: HELP! We need passive FTP to work


Subject: Re: HELP! We need passive FTP to work
From: Robert Vogt IV (vogt@arborhost.com)
Date: Sun Oct 08 2000 - 11:47:45 MDT


    Create an upload script... :)

                    -Robert Vogt IV

----------
>From: rgp systems <rgp@systame.com>
>To: YDL <yellowdog-general@lists.yellowdoglinux.com>
>Subject: HELP! We need passive FTP to work
>Date: Sun, Oct 8, 2000, 1:44 PM
>

> We've got an internal FTP server running ProFTPD-1.2.0pre10 on YDL Linux
> behind a DSL/Cable router firewall. We have many computer-illiterate clients
> who connect with passive FTP: 1. AOL users; 2. Netscape users; 3. Users
> behind corporate firewalls.
>
> It's my understanding that passive FTP on the client's end tries to initiate
> connections on higher ports (not 20, 21) and that the port assignment varies
> from system to system, so it's very hard to know which ports to open up.
>
> But, I tested opening ALL ports by making the FTP server a DMZ host (meaning
> all ports were forwarded to it from the router) and passive connections
> still wouldn't work (actually they could connect, but an 'ls' command failed
> with 'network unreachable'). Passive connections work fine if I take out the
> router.
>
> So, we need some way for clients to get their files onto our server. If not
> via FTP through some other method (e-mail isn't an optiion, as many ISPs
> limit the size of attachments to a few MB).
>
> I've heard it's pretty dangerous to open up SMB ports to the world. For our
> Mac clients we may consider opening afpovertcp with DHX encryption.
>
> Can anyone give advice how to solve the passive FTP problem or suggest an
> alternative method of file xfer. SSH and SCP are out; installation, setup,
> and use are just too complicated for non-computer people.
>
>
> --
> Randy Perry
> rgp systems
>
> Mac Consulting/Sales



This archive was generated by hypermail 2a24 : Sun Oct 08 2000 - 11:54:34 MDT