On Sat, 2007-09-01 at 13:26 -0400, Teran McKinney wrote:
> Hey,
>
> Thanks for the quick reply. Actually, I have no firewall in place. I
> am behind a router, but I am using LFTP from my server which has no
> iptables rules and is on a DMZ; so there are no ports blocked. My
> router has all packet inspection off. LFTP is compiled with TLS/SSL
> support. I don't think my previous FTP host had TLS, so that makes
> sense.

Your router does at least NAT. Frankly - I don't believe it doesn't do
any filtering, otherwise you wouldn't have any problems connecting with
a TLS-aware ftp client to a TLS-enabled ftp server from behind the NAT
using passive mode.

Anyway - we reached the point where things aren't lftp-specific. It's
just a matter of some networking knowledge - how FTP works; what the
differences between the modes are, especially what happens when you try
to combine ftp with NAT and TLS. I can only say that passive mode is
definitely the mode you want to use, as it is safer/easier to allow from
the router admin's perspective.

Maybe you think your router doesn't do any filtering while it really
does; creating the rules on the fly allowing ( almost ) all outgoing
traffic and the returning one. Maybe it's smart enough to allow
unencrypted ftp data transmission because it sees earlier what ports
the interested parties negotiated, allowing you to draw the wrong
conclusion. If that's the case - it won't be able to do the same in the
case of encrypted ftp control transmission.

-- 
Miroslaw "Psyborg" Jaworski
GCS/IT d- s+:+ a C++$ UBI++++$ P+++$ L- E--- W++(+++)$ N++ o+ K- w-- O-
M- V- PS+ PE++ Y+ PGP t 5? X+ R++ !tv b++(+++) DI++ D+ G e* h++ r+++ y?
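
An added illustration of the reply's last point, not part of the original thread and not code from any real router: a simplified, hypothetical model of an FTP helper that reads the cleartext control channel to learn the negotiated data port, and learns nothing once `AUTH TLS` is accepted. The class name, session bytes and addresses are constructed for the example.

```python
import re

# Six comma-separated numbers (RFC 959): h1,h2,h3,h4,p1,p2 -> port = p1*256 + p2
SIX = rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
PASV_RE = re.compile(rb"^227 .*\(" + SIX + rb"\)")       # server reply, passive mode
PORT_RE = re.compile(rb"^PORT " + SIX + rb"\s*$", re.I)  # client command, active mode

class FtpHelper:
    """Hypothetical model of a router's FTP helper watching one control connection."""
    def __init__(self):
        self.expected = []        # (ip, port) data connections the helper would let through
        self.tls_pending = False  # client asked for AUTH TLS, reply not seen yet
        self.blind = False        # control channel switched to TLS, nothing readable

    def feed(self, direction, payload):
        """direction: 'c2s' or 's2c'; payload: raw bytes seen on the control connection."""
        if self.blind:
            return  # TLS records: ports are negotiated where the helper cannot look
        for line in payload.splitlines():
            if direction == "c2s" and line.upper().startswith(b"AUTH TLS"):
                self.tls_pending = True
            elif direction == "s2c" and self.tls_pending:
                self.tls_pending = False
                if line.startswith(b"234"):  # server accepted the TLS upgrade
                    self.blind = True
                    return
            else:
                m = (PASV_RE if direction == "s2c" else PORT_RE).match(line)
                if m and all(int(v) <= 255 for v in m.groups()):
                    o = [int(v) for v in m.groups()]
                    ip = ".".join(str(v) for v in o[:4])
                    self.expected.append((ip, o[4] * 256 + o[5]))

def run(session):
    """Feed a list of (direction, payload) tuples; return the data endpoints learned."""
    helper = FtpHelper()
    for direction, payload in session:
        helper.feed(direction, payload)
    return helper.expected

# Constructed sample sessions (addresses from documentation ranges).
PLAIN = [("c2s", b"USER demo\r\n"), ("s2c", b"331 Password required\r\n"),
         ("c2s", b"PASV\r\n"),
         ("s2c", b"227 Entering Passive Mode (192,0,2,10,195,80)\r\n")]
TLS = [("c2s", b"AUTH TLS\r\n"), ("s2c", b"234 Proceed with negotiation\r\n"),
       ("c2s", b"\x16\x03\x01\x00\x05hello"),  # stand-in for a TLS handshake record
       ("s2c", b"\x17\x03\x03\x00\x08\x8a\x11\x9c\x02\x7f\xe0\x33\x41")]  # opaque reply

if __name__ == "__main__":
    print("plain:", run(PLAIN))
    print("tls:  ", run(TLS))
```

In the cleartext session the helper learns the passive data endpoint and can open it on the fly; in the TLS session the list stays empty, so the data connection is only permitted if a static rule already covers it.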
