[ previous ] [ next ] [ threads ]
 
 From:  "Mitch \(WebCob\)" <mitch at webcob dot com>
 To:  "Don Gray" <don at netcaliber dot com>, "Darth Moula" <darth underscore moula at atlas dot cz>, m0n0wall at lists dot m0n0 dot ch
 Subject:  RE: [m0n0wall] How to reslove FTP PASSIVE MODE?
 Date:  Sat, 21 Feb 2004 11:32:37 -0800
Completely don't understand why you think clients in ACTIVE mode is easy...
unless all your clients run on modem dialup or have sock proxies or ftp
proxy servers...

Maybe it's just me, but I haven't been on a network in a while that allows
active mode to work without some additional effort.

As for FTP servers, ProFTPD makes running a passive mode server on dedicated
port ranges easy.

my 2 pennies - off topic though they may be

m/

> -----Original Message-----
> From: Don Gray [mailto:don at netcaliber dot com]
> Sent: Saturday, February 21, 2004 11:09 AM
> To: Darth Moula; m0n0wall at lists dot m0n0 dot ch
> Subject: Re: [m0n0wall] How to reslove FTP PASSIVE MODE?
>
>
> It's not easy or safe to use a PASV FTP server....you need to open a range
> of ports and redirect them to the server.  You must also configure the
> server to use this range of ports with PASV ftp.  A better answer is to
> require clients to use ACTIVE mode FTP...this is straight forward and
> doesn't require any configuration beyond opening port 21 and
> redirecting it
> to the server.
>
> ----- Original Message -----
> From: "Darth Moula" <darth underscore moula at atlas dot cz>
> To: <m0n0wall at lists dot m0n0 dot ch>
> Sent: Saturday, February 21, 2004 9:58 AM
> Subject: [m0n0wall] How to reslove FTP PASSIVE MODE?
>
>
> > My problem is not how to run ftp server behind firewall. My
> problem how to
> > allow access to ftp servers in WAN from LAN.
> > When I block in the RULES all outgouing packets except TCP FTP, ftp
> > transfers works only when not PASV required. PASV requires to establish
> new
> > connection on the not predetermined ports (another server by
> server). How
> to
> > set RULES?
> >
> > Thanks, D.M.
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> > For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
> >
>
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
>
>