> Yes it unfortunately causes real problems but for now we are working
> without ftp-proxy and therefore allowing all ports >1024. A little, ugly
> workaround ;).
In case it's helpful, it's perhaps worth mentioning that allowing a much
more restricted range of ports, controlled by sysctls, is enough.

From the man page of ftpd(8):

    "For passive mode data connections, ftpd will listen to a random high
    TCP port. The interval of ports used are configurable using sysctl(8)
    variables net.inet.ip.porthifirst and net.inet.ip.porthilast."

The defaults (taken from a 4.2 box):

    $ sysctl -a | grep porthi
    net.inet.ip.porthifirst=49152
    net.inet.ip.porthilast=65535

Best,

-Matt
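
An added example, not part of the original mail: a small shell function that turns the two sysctl values quoted above into a pf pass rule covering only the passive-mode range, instead of all ports >1024. The function name and the pf macros `$ext_if` and `$ftp_server` are assumptions for illustration.

```shell
#!/bin/sh
# Added example: build a pf rule for the ftpd passive-mode port range.
# Input: `sysctl` output lines (name=value) on stdin.
# Assumed names, not from the original mail: pf_passive_rule, $ext_if, $ftp_server.
# Typical use on the FTP server:
#   sysctl net.inet.ip.porthifirst net.inet.ip.porthilast | pf_passive_rule

pf_passive_rule() {
    first=''
    last=''
    while IFS='=' read -r name value; do
        case "$name" in
            net.inet.ip.porthifirst) first=$value ;;
            net.inet.ip.porthilast)  last=$value ;;
        esac
    done

    # Both sysctls must be present and purely numeric.
    for v in "$first" "$last"; do
        case "$v" in
            ''|*[!0-9]*)
                echo "missing or non-numeric port value" >&2
                return 1 ;;
        esac
    done

    # pf expects low:high; swap if the sysctls are set the other way round.
    if [ "$first" -gt "$last" ]; then
        tmp=$first; first=$last; last=$tmp
    fi

    # Refuse a range that would open privileged or invalid ports.
    if [ "$first" -lt 1024 ] || [ "$last" -gt 65535 ]; then
        echo "refusing port range $first:$last" >&2
        return 1
    fi

    # Single quotes keep the pf macros literal in the emitted rule.
    printf 'pass in on $ext_if inet proto tcp to $ftp_server port %s:%s\n' \
        "$first" "$last"
}
```

Narrowing net.inet.ip.porthifirst and net.inet.ip.porthilast before generating the rule shrinks the opened range further.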