In the wise words of Renaud Chaillat:
> On Tuesday 17 April 2001 14:14, you wrote:
> > Sounds like you need to use the passive mode in your FTP client (only one
> > TCP connection)
> >> ----- Original Message -----
> >> From: Phil Morden
> >>
> >> I've installed Proftpd on Cookfire RC1. I get connected to the server but
> >> never get a file list... it just waits then times out. I've followed the
> >> directions from the bastille-ftp readme. Can anyone help?
> >> Thanks.
>
> Actually ftp is really a problem with a 2.2 kernel (without connection
> tracking).
>
> You may look at two possibilities:
> - open tcp ports 21 (control) *and* 20 (data) in incoming traffic on the
> firewall to allow active ftp from the clients
> - open tcp port 21 and all high ports (> 1024) on the firewall to allow
> passive clients
>
> Either way this may not be such a good idea on a firewall box, and we haven't
> tried it yet (we may try it soon).
ftp stinks. It's a messed up protocol. With that said:
For option 2, it's not quite so bad. You can tell the FTP server to only use
the following ports, say 40000-50000, for passive connections. Then you only
have to open the firewall for those ports.
Finally, if you're using ip masquerading, there's a special kernel module
just for ftp that will handle ftp as if it were a normal protocol.
- Jay
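The passive-port range Jay describes only works if the server really advertises data ports inside that range, and a firewall administrator usually wants to confirm that before opening anything. The following is an added example, not code from this thread or from ProFTPD: it encodes and parses the RFC 959 `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` reply (the data port is `p1*256 + p2`) and checks that the advertised data endpoint sits on the same host as the control connection and inside the range that would be configured with ProFTPD's `PassivePorts 40000 50000` directive and opened on the firewall. The sample replies are constructed; the range bounds are the ones from Jay's message.

```python
import re

# RFC 959 4.1.2: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

# Range matching Jay's suggestion (ProFTPD: "PassivePorts 40000 50000").
PASV_LOW, PASV_HIGH = 40000, 50000


def encode_pasv(host, port):
    """Build the 227 reply a server sends for a data endpoint (server side)."""
    if not 0 < port <= 65535:
        raise ValueError("port out of range: %d" % port)
    p1, p2 = divmod(port, 256)
    octets = host.split(".")
    if len(octets) != 4 or not all(0 <= int(o) <= 255 for o in octets):
        raise ValueError("not a dotted-quad IPv4 address: %r" % host)
    return "227 Entering Passive Mode (%s,%d,%d)" % (",".join(octets), p1, p2)


def parse_pasv(reply):
    """Parse a 227 reply into (host, port); raise on anything malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    fields = [int(x) for x in m.groups()]
    if any(not 0 <= f <= 255 for f in fields):
        raise ValueError("field > 255 in PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = fields
    return ("%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2)


def check_data_endpoint(reply, control_host, low=PASV_LOW, high=PASV_HIGH):
    """Return (host, port, problems): problems is empty when the endpoint is
    on the control-connection host and inside the firewall-opened range."""
    host, port = parse_pasv(reply)
    problems = []
    if host != control_host:
        # A data host that differs from the control host would never be
        # reachable through a firewall rule written for the server itself.
        problems.append("data host %s differs from control host %s" % (host, control_host))
    if not low <= port <= high:
        problems.append("data port %d outside PassivePorts range %d-%d" % (port, low, high))
    return host, port, problems


if __name__ == "__main__":
    # Constructed replies: one inside the range, one a server that was not
    # configured with PassivePorts and picked an arbitrary high port.
    for reply in (encode_pasv("192.168.1.10", 40000),
                  "227 Entering Passive Mode (192,168,1,10,4,1)"):
        host, port, problems = check_data_endpoint(reply, "192.168.1.10")
        print(host, port, problems or "ok")
```

The check is the one you would script against a test connection after setting the directive: if the reported port ever falls outside 40000-50000, the firewall rule for that range is not enough and the transfer will hang exactly the way Phil described.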