On Wed, Jun 09, 2004 at 09:31:35AM -0400, Don Himelrick wrote: > The packets are apparently being dropped because of the source ports on > the packets lftp sends to the server when trying to establish a data > connection after logging in. For example, the server responds with a > port number 3004, so lftp replies with a packet with a destination port > of 3004 and a source port of 40957. The server either doesn't get the > packet because the firewall drops it because of the source port, or the > server does get it and sends a packet back to me with a source port of > 3004 and a destination port number now of 40957 and this packet gets > dropped by the firewall. In either case, all they can tell me is that > port 40957 is the "problem". I thought the ftp client picks random > source ports (N > 1024, and N + 1) for passive ftp, using the > destination port specified by the server. These source ports are what > I'd like to limit.
Ok, I see. I have modified lftp so that the setting ftp:port-range is also applied to passive mode. Please try lftp-3.0.6rc3. -- Alexander.
