"Chris Hellberg" <chris@ipsm.net.nz> wrote:
>Passive also has the *wonderful* attribute that neither end has a data port
>of commonality for each transfer. Each new connection has an ephemeral
>port at both ends. Quite often the client's source data port will be one
>higher than the control port.

The source port doesn't matter a bean unless you're explicitly filtering
traffic on port 20 (or all low ports). Any sensible firewall opens a
hole through the firewall for any outbound TCP connection request,
regardless of source port or inbound request permitted by a PORT command
in an FTP control channel the NAT is monitoring. So unless things have
been configured wrong, active FTP will work (or not) regardless of what
source port the remote server uses.

If an FTP server is behind a NAT, you find that many NAT devices that
handle active FTP ok often don't handle passive FTP correctly. Which
makes passive FTP rather less than wonderful.

Like I said, FTP must die.

-- don
This message is part of the NZ ADSL mailing list.
see http://unixathome.org/adsl/ for archives, FAQ,
and various documents.
Received on Fri Oct 5 15:00:53 2001
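
Added example, not part of the original message or of any real NAT product: a sketch of the control-channel rewriting a NAT has to do for the two cases discussed above, a client behind the NAT sending PORT and a server behind the NAT answering PASV with a 227 reply. The function names, the `handle_pasv` switch, the addresses and the sample lines are assumptions made for illustration, and the helper assumes the NAT keeps the port number unchanged.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (used by PORT and the 227 reply)
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Constructed sample control-channel lines (not captured traffic)
CLIENT_PORT_CMD = "PORT 192,168,1,10,4,1\r\n"
SERVER_PASV_REPLY = "227 Entering Passive Mode (192,168,1,20,195,80)\r\n"

def parse_hostport(text):
    """Return (ip, port) from the first host-port field in text, or None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def format_hostport(ip, port):
    """Encode (ip, port) back into the h1,h2,h3,h4,p1,p2 form."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])

def nat_rewrite(line, inside_ip, public_ip, handle_pasv=True):
    """Rewrite one control line sent by the host behind the NAT.

    Returns (line_to_forward, pinhole). pinhole is the (inside_ip, port)
    that must accept an inbound data connection, or None if nothing opens.
    handle_pasv=False models a helper that only understands PORT.
    """
    is_port = line.upper().startswith("PORT ")
    is_pasv = line.startswith("227 ")
    if not (is_port or (is_pasv and handle_pasv)):
        # Forwarded as-is: a 227 reply keeps its private address, which
        # the remote client cannot reach, so the passive transfer fails.
        return line, None
    hp = parse_hostport(line)
    if hp is None or hp[0] != inside_ip:
        # Malformed field, or an address that is not the inside host:
        # leave the line alone and open nothing.
        return line, None
    rewritten = HOSTPORT.sub(format_hostport(public_ip, hp[1]), line, count=1)
    return rewritten, (inside_ip, hp[1])
```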