I just had a look at the firewall setting available on my TiPB 550 running 10.3.9. The ftp access option says "FTP Access (20-21, 1024-65535 from 20-21) if that is of any use.
My background is in Cisco routers and their access lists allow for established TCP connections regardless of port numbers. So passive ftp worked well if you allowed ftp but still stuffed up normal ftp unless all ports above 1023 were permitted. It was painful and less secure to have to open up all of the ports that are not "well known" Sorry I couldn't be of more help. Cheers Greg > From: Martin Hill <[EMAIL PROTECTED]> > Date: Fri, 10 Jun 2005 16:56:23 +0800 > To: WAMUG Mailing List <[email protected]> > Subject: Re: FTP through Tiger Server Firewall problem > >> From: Greg Pennefather <[EMAIL PROTECTED]> >> If the FTP client is able to connect and issue commands but then doesn't get >> any response, then using a passive ftp client and server is the answer. FTP >> has always been a problem for firewalls and that's why passive mode clients >> were introduced. > > Thanks for the suggestions Rob and Greg, but we are already using passive > ftp from both dedicated FTP clients and from within web browsers like Safari > and they all fail to download the files off the server when the built-in > firewall in Tiger Server is enabled despite supposedly enabling FTP in the > firewall's "allow" list. > > As a test, instead of trying to set up an Advanced Rule along the lines of: > > "ALLOW If protocol is TCP and source port is 20,21 and destination port is > 1024-65535" > > I just opened ports 1024-65535 to FTP and it all worked. However, that is a > big swathe of ports to open without the "if ports 20,21 are the source" > criteria so I'll keep looking. > > Apples docs at this detail are pretty poor :-( > > -Mart > > -------------------------------------- > Martin Hill > mailto:[EMAIL PROTECTED] > homepages: http://mart.ozmac.com > Mb: 0417-967-969 hm: (08)9314-5242 > > > > -- The WA Macintosh User Group Mailing List -- > Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> > Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> > Unsubscribe - <mailto:[EMAIL PROTECTED]> > > WAMUG is powered by Stalker CommuniGatePro >
