Subject: Re: HELP! We need passive FTP to
From: andu (undo@cloud9.net)
Date: Sun Oct 08 2000 - 12:36:10 MDT
>
>We've got an internal FTP server running ProFTPD-1.2.0pre10 on YDL Linux
>behind a DSL/Cable router firewall. We have many computer-illiterate clients
>who connect with passive FTP: 1. AOL users; 2. Netscape users; 3. Users
>behind corporate firewalls.
>
>It's my understanding that passive FTP on the client's end tries to initiate
>connections on higher ports (not 20, 21) and that the port assignment varies
>from system to system, so it's very hard to know which ports to open up.
>
>But, I tested opening ALL ports by making the FTP server a DMZ host (meaning
>all ports were forwarded to it from the router) and passive connections
>still wouldn't work (actually they could connect, but an 'ls' command failed
>with 'network unreachable'). Passive connections work fine if I take out the
>router.
>
>So, we need some way for clients to get their files onto our server. If not
>via FTP through some other method (e-mail isn't an optiion, as many ISPs
>limit the size of attachments to a few MB).
>
>I've heard it's pretty dangerous to open up SMB ports to the world. For our
>Mac clients we may consider opening afpovertcp with DHX encryption.
>
>Can anyone give advice how to solve the passive FTP problem or suggest an
>alternative method of file xfer. SSH and SCP are out; installation, setup,
>and use are just too complicated for non-computer people.
Use HTTP protocol with PUT method, always on port 80.
>
>
>--
>Randy Perry
>rgp systems
>
>Mac Consulting/Sales
>
>.
Regards, Andu
_______________________
undo@cloud9.net
This archive was generated by hypermail 2a24 : Sun Oct 08 2000 - 12:42:55 MDT