> The requirement that the data connection must come from port ftp-data is > commonly relaxed. In order for the ftp server to use port 20 (which is > privileged, < 1024), the server would have to run as root permanently. > Most server operators prefer their daemon to drop privileges and > violate the RFC (if it is indeed a violation, I haven't checked), and > most clients have to relax to interoperate. > > The second requirement, that the data connection source must match the > control connection peer, is also often violated. For instance, the > OpenBSD ftp(8) client does not enforce it. The reverse also happens > regularly, a ftp server getting data connection from a client having a > different source address than the one used by the control connection > (see -P in ftpd(8)). > > In short, most sufficiently-advanced ftp clients (and servers) have > options to enable or disable these restrictions. It might be true that a > strictly RFC compliant ftp client will not work with ftp-proxy. But that > client will then also not work with a significant number of real ftp > servers out there, either. > > Daniel >
This might all be true, but the trouble is Microsoft (with Windows XP Service Pack 2, I haven't tried any others) is inforcing these rules.
