Subject: OT: HELP! We need passive FTP to work
From: rgp systems (rgp@systame.com)
Date: Sun Oct 08 2000 - 13:24:18 EDT
We've got an internal FTP server running ProFTPD-1.2.0pre10 on Linux behind
a DSL/Cable router firewall. We have many computer-illiterate clients who
connect with passive FTP: 1. AOL users; 2. Netscape users; 3. Users behind
corporate firewalls.
It's my understanding that passive FTP on the client's end tries to initiate
connections on higher ports (not 20, 21) and that the port assignment varies
from system to system, so it's very hard to know which ports to open up.
But, I tested opening ALL ports by making the FTP server a DMZ host (meaning
all ports were forwarded to it from the router) and passive connections
still wouldn't work (actually they could connect, but an 'ls' command failed
with 'network unreachable'). Passive connections work fine if I take out the
router.
So, we need some way for clients to get their files onto our server. If not
via FTP through some other method (e-mail isn't an optiion, as many ISPs
limit the size of attachments to a few MB).
I've heard it's pretty dangerous to open up SMB ports to the world.
Can anyone give advice how to solve the passive FTP problem or suggest an
alternative method of file xfer. SSH and SCP are out; installation, setup,
and use are just too complicated for non-computer people.
-- Randy Perry rgp systemsMac Consulting/Sales
This archive was generated by hypermail 2b28 : Wed Jan 17 2001 - 14:32:21 EST