Robert Buel wrote:
>
>
> Fabiano: I would refer to your firewall vendor's site or support. I have
> seen this with v4 of FW-1, and there are several workarounds at
> www.phoneboy.com.

Erm... passive ftp would seem to be a more secure solution, in that you are not circumventing a firewall. The whole point of passive ftp is that it works through firewalls.

> BTW, IMHO, the original reply on the tag of this message is flippant,
> and not in the least informative. This condescension is hardly the way
> to respond to this guy's legitimate question, and, in fact, it is
> obvious that this person even didn't understand the problem!

I would not say that "it is obvious that this person even didn't understand the problem!" In fact, it seemed quite the opposite to me. The response was terse, but it did highlight the problem and suggest a solution. Perhaps mentioning passive mode would have been more helpful than simply linking to the RFC, but I see no problem with the response semantically or otherwise. In fact, the response was geared toward education.

I feel that in posting to this or any technical mailing list, one should try to research a problem before simply posting it. If one does not at least try to fix the problem on one's own, he is running the risk of one or more of the following:

- being told to RTFM
- ignored
- irritating list members
- being flamed

Commentary follows:

>>Does anybody know why when I try to FTP anywhere, logging on my FW, I
>>saw a packet coming from port 20 (remote) to a random port on my FW..
>
>
> Yes. It is the Data port of FTP.

Answer to the question, "what is this packet and why is it going to a [random] port on my firewall?"

>>But there is anything very strange occurring.....I can authenticate on
>>FTP Server....but when I try to get a list (ls or dir or something else
>>.....) simply the server gives me a packet on a random port....so my FW
>>blocks!!!
>
>
> There's nothing strange about that.

True.

>>Is it right or not? If right, what I have to do on my fw to permit
>>this packet traffic?
>
>
> Yes, it is right. You should read: http://www.faqs.org/rfcs/rfc959.html
> You can find Howtos on what to do on the Internet.

Solution.

-- 
Josh Glover <[EMAIL PROTECTED]>
Associate Systems Administrator
INCOGEN, Inc.
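The active/passive difference discussed in this thread, as an added example that is not part of the original messages: a Python sketch that reads FTP control-channel lines (the RFC 959 PORT command and 227 reply) and reports which side opens the data connection. The function names and all addresses are constructed for illustration.

```python
import re

# Added example. PORT and the 227 reply both carry h1,h2,h3,h4,p1,p2 (RFC 959);
# the data port is p1*256 + p2.
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
PASV_RE = re.compile(r"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def _endpoint(groups):
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in h1,h2,h3,h4,p1,p2")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connection(line, client_ip, server_ip):
    """Describe the data connection a control line sets up, or return None."""
    m = PORT_RE.match(line)
    if m:  # active mode: the server connects back to the client from port 20
        host, port = _endpoint(m.groups())
        return {"mode": "active", "initiator": server_ip, "src_port": 20,
                "dst": (host, port), "inbound_to_client": True,
                # address differs from the control-channel peer: NAT in the
                # path, or a request a filter may want to refuse
                "addr_mismatch": host != client_ip}
    m = PASV_RE.match(line)
    if m:  # passive mode: the client opens a second outbound connection
        host, port = _endpoint(m.groups())
        return {"mode": "passive", "initiator": client_ip, "src_port": None,
                "dst": (host, port), "inbound_to_client": False,
                "addr_mismatch": host != server_ip}
    return None

def blocked_by_outbound_only_policy(conn):
    """A filter that only permits client-initiated sessions drops inbound data."""
    return conn["inbound_to_client"]

# Constructed control-channel lines (documentation address ranges).
CLIENT, SERVER = "192.0.2.10", "198.51.100.7"
SAMPLE = ["USER anonymous", "PORT 192,0,2,10,195,80", "LIST",
          "PASV", "227 Entering Passive Mode (198,51,100,7,19,137)"]

def summarize(lines=SAMPLE):
    found = (data_connection(l, CLIENT, SERVER) for l in lines)
    return [(c["mode"], c["dst"], blocked_by_outbound_only_policy(c))
            for c in found if c]

if __name__ == "__main__":
    for mode, dst, blocked in summarize():
        print(f"{mode:8} data -> {dst[0]}:{dst[1]} blocked={blocked}")
```

The active-mode entry is the connection from remote port 20 to a high port that the firewall in the thread was dropping; the passive-mode entry is client-initiated and passes an outbound-only policy.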