On Tuesday 23 January 2007 10:11, Greg Wallace wrote:
> On Tuesday, January 23, 2007 @ 12:08 AM, Darryl Gregorash wrote:
> >On 2007-01-22 21:31, Greg Wallace wrote:
> >> <snip>
> >>
> >> John Anderson mentioned that active ftp wasn't supported on his Netgear.  I
> >> really don't know the difference between the two.  My assumption is that
> >> limitation wouldn't cause me any inconvenience.
> >
> >http://slacksite.com/other/ftp.html
>
> Excellent description.  I just wonder how often you'd run into a site that
> didn't support passive ftp.  In any event, not having active ftp capability
> would seem to be a small drawback, at least in my case.
>
> Greg Wallace

Actually I found the article very misleading, and in places, just flat wrong.

In describing passive ftp it says:
 "The client will make both connections to the server, but one of them will be
  to a random high port, which would almost certainly be blocked by a firewall
 on the server side."

Random high ports?   I think not.

The client will connect to a SPECIFIC port passed to it from the server, and
upon which the server has started listening.

There is nothing random about it.  

Furthermore, ftp servers are not usually frontended with a firewall, at least 
not linux/unix ftp servers.

Secondly, with any proper implementation of iptables in the server OR the
firewall, these so-called "random" port assignments are easily tracked and
handled properly.  My users have no problems using passive ftp from
behind the firewall/router running on SUSE (configured using Shorewall, but
other tools work as well).

-- 
_____________________________________
John Andersen
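
Added example, not part of the original message: a Python model of how a stateful firewall can read the server's 227 (PASV) or 229 (EPSV) reply on the control channel, learn the specific data port it announces, and permit only that connection. The session lines, addresses, function names and the same-host policy are assumptions constructed for illustration.

```python
import re

# 227 reply (RFC 959): h1,h2,h3,h4,p1,p2 as decimal octets.
PASV_RE = re.compile(r"^227[ -].*?" + ",".join([r"(\d{1,3})"] * 6))
# 229 reply (RFC 2428): (<d><d><d>port<d>), delimiter normally '|'.
EPSV_RE = re.compile(r"^229[ -].*?\((.)\1\1(\d{1,5})\1\)")

# Constructed control-channel replies (documentation addresses, not real hosts).
SESSION = [
    "220 ftp.example.test ready",
    "227 Entering Passive Mode (192,0,2,10,195,149)",
    "229 Entering Extended Passive Mode (|||6446|)",
    "227 Entering Passive Mode (198,51,100,7,4,1)",  # names a different host
]


def expected_data_endpoint(reply, server_ip):
    """Return the (ip, port) a passive reply announces, or None."""
    m = PASV_RE.match(reply)
    if m:
        octets = [int(g) for g in m.groups()]
        if any(o > 255 for o in octets):
            return None
        return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        return (server_ip, port) if 0 < port <= 65535 else None
    return None


def track(control_lines, server_ip):
    """Collect the data connections a stateful firewall would expect."""
    expected = set()
    for line in control_lines:
        ep = expected_data_endpoint(line.strip(), server_ip)
        # Policy of this example: ignore replies that point at another host.
        if ep and ep[0] == server_ip:
            expected.add(ep)
    return expected


def allowed(expected, dst_ip, dst_port):
    """Permit a new connection only if the control channel announced it."""
    return (dst_ip, dst_port) in expected


if __name__ == "__main__":
    print(sorted(track(SESSION, "192.0.2.10")))
```
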
