 From:  Ugo Bellavance <ugob at camo dash route dot com>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Passive FTP while blocking most outbound ports
 Date:  Thu, 28 Apr 2005 16:18:08 -0400
Hi,

	In my DMZ zone, I blocked all ports except FTP, FTP-DATA, HTTP, WHOIS, 
DNS, SMTP and HTTPS, since the servers in that zone only use those.  I 
block everything else.  However, when I try fetching something (my DCC 
update package) using FTP (through wget), it fails at the 'PASV'.  I 
tried using the --passive-ftp switch, but it doesn't change anything.

	Is there anything I can do?  From what I understand wget works in 
active mode by default.

	I tried with ncftp and I get a similar problem.  With passive = off, 
the listings fail.  With passive = on, the listing times out.

	I searched through the archives and have seen a couple of messages with 
this problem, but no solution.  Does anyone have a clue?  From what I could 
read, active should work without problem, and passive should work if I 
know the higher ports used.  In my case, active doesn't work and I can't 
tell what higher ports are used since it is not my ftp server.

m0n0wall 1.11.

Thanks,

Ugo
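
Added example, not part of the original post: in passive mode the server's 227 (PASV) or 229 (EPSV) reply names the port the client must open an outbound data connection to, so a destination-port allow list like the one described above can be checked against that reply. The function names, the sample replies and the address 192.0.2.10 are constructed for illustration; the allow list uses the standard port numbers of the services the post lists.

```python
import re

# Destination ports the post's DMZ rules allow, by standard assignment:
# FTP-DATA 20, FTP 21, SMTP 25, WHOIS 43, DNS 53, HTTP 80, HTTPS 443.
ALLOWED_EGRESS = {20, 21, 25, 43, 53, 80, 443}

# 227 reply: six decimal fields h1,h2,h3,h4,p1,p2 (RFC 959).
PASV_RE = re.compile(r"^227 .*?\b(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\b")
# 229 reply: (<d><d><d>port<d>), same delimiter four times (RFC 2428).
EPSV_RE = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_host):
    """Return the (host, port) the client must connect to for data."""
    m = PASV_RE.match(reply)
    if m:
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            raise ValueError("field out of range in 227 reply")
        host = ".".join(str(f) for f in fields[:4])
        return host, fields[4] * 256 + fields[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range in 229 reply")
        return control_host, port  # EPSV reuses the control address
    raise ValueError("not a 227/229 passive-mode reply")


def egress_verdict(reply, control_host, allowed=ALLOWED_EGRESS):
    """Apply a destination-port allow list to the passive data connection."""
    host, port = data_endpoint(reply, control_host)
    return host, port, "pass" if port in allowed else "block"


if __name__ == "__main__":
    # Constructed replies; 192.0.2.10 is a documentation address.
    for line in ("227 Entering Passive Mode (192,0,2,10,195,80)",
                 "229 Entering Extended Passive Mode (|||50000|)"):
        print(line, "->", egress_verdict(line, "192.0.2.10"))
```

Both sample replies resolve to destination port 50000, which the allow list blocks even though the control connection to port 21 is permitted.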