Re: [WS_FTP Forum]

[Claudio M Robles]

Title: Message

Andy,   MoveitDMZ sits on the DMZ and requires to open at least 4 ports, so it is probably similar to my suggestions.   Setting the server in the DMZ or forwarding some ports are workarounds. There is not too much else you can do about it, other than restricting the ports the servers uses for passive transfers, which in fact could be as little as one because the client uses a different port for every connection.   My understanding is that a future version of the server will include this feature (specifying the range of ports for passive transfers).     Claudio M. Robles FTP Dev. Team ----- Original Message ----- From: Andy Eng (IT Dept. - Langley) To: '[EMAIL PROTECTED]' Sent: Thursday, November 21, 2002 5:38 PM Subject: RE: [WS_FTP Forum] Claudio,   I posted a similar question to Jeff's the other day and I've seen at least one other similar message since then.  I think I can speak for most of us when I say that we all understand the nature of the problem.  What we want is an answer.  If there is no way to do this then that's the answer for now but how is it that the company that produces "MoveIt DMZ" says that their product can handle this  situation (i.e. NAT on both sides with SSL) by using configurable rules?  If there is something inaccurate in their statements please let us know.  I heard from your support personnel that your team is working on a way to make this work - when can we expect to see a solution?   Andy Eng Systems Administrator Overwaitea Food Group [EMAIL PROTECTED] -----Original Message----- From: Claudio M Robles [mailto:[EMAIL PROTECTED]] Sent: Thursday, November 21, 2002 2:19 PM To: [EMAIL PROTECTED] Subject: Re: [WS_FTP Forum] Jeff,      The problem is establishing data connections.  For that one of the peers (client or server) needs to inform the other where (ip and port) is going to wait for a connection and the firewall needs to forward this connection.   Some firewall automatically forward connections when they "see" the FTP command "port" going out, but for a SSL connection the firewall is not able to see anything, so you would need put the server on the DMZ (demilitarized zone), or configure the firewall to forward a large range of ports to the server.  WS_FTP 7.6 will detect the wrong IP when the server is NAT and automatically switch to the external IP.     Claudio M. Robles FTP Development Team     ----- Original Message ----- From: Jeffrey A. MacLardy To: [EMAIL PROTECTED] Sent: Thursday, November 21, 2002 4:48 PM Subject: [WS_FTP Forum] Does anyone have any creative solutions for using SSL behind NAT on client and server.  Ipswitch says it is not possible - I am curious what workarounds anyone has done.....   Jeff A. MacLardy, P.E. R.F. Stearns, Inc. 1800 Blankenship Rd., Suite 325 West Linn, OR  97068 (503) 723 5959 (503) 723 5960 FAX [EMAIL PROTECTED]