You need to allow high incoming TCP ports.

Active FTP is the kind that uses port 20. When the client requests data, like in 'ls' or 'get', the server will open a connection from port 20 to the client. This way, the client will have to open up *its* firewall.

Passive FTP is considered safer - for the client, not necessarily for the server. There, the client tells the server which port to use, and it will open the connection itself, so all the client ever sees are outgoing connections.

Regards
Anders

On Friday 06 July 2001 01:44, Steven Hatfield wrote:
Hi all,

I was wondering: how do you handle the allowing of passive FTP connections through a firewall? Maybe I'm just not doing something right. Right now, I have port 21 open on my firewall, so people can connect to me via FTP. I read somewhere that passive FTP uses port 20 for the data connection, so I opened that as well. Still, when people connect to my server, they type 'ls -l' and it just hangs until they kill it -- i.e. there is no data coming back to them.
Any help is appreciated, my firewall iptables script is available upon request.
Thanks,
Steven
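
Why 'ls -l' can hang with only ports 20 and 21 open on the server, as an added example that is not part of the original thread: in RFC 959 the data port travels on the control connection as h1,h2,h3,h4,p1,p2 (in the server's 227 reply to PASV, or in the client's PORT command), with port = p1*256 + p2, and the sketch below parses that field and checks it against a modelled server-side firewall. The sample lines, the addresses, the 49152-65535 passive range and the function names are constructed assumptions.

```python
import re

# Constructed control-channel lines in RFC 959 syntax (not captured traffic).
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"
SAMPLE_PORT_CMD = "PORT 198,51,100,7,4,1"

_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(line):
    """Return (ip, port) from the h1,h2,h3,h4,p1,p2 field; port = p1*256 + p2."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("field value above 255 in %r" % line)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_connection(line):
    """Say who listens for the data connection announced by this line."""
    ip, port = parse_hostport(line)
    if line.startswith("227"):
        return {"mode": "passive", "listener": "server", "ip": ip, "port": port}
    if line.upper().startswith("PORT "):
        return {"mode": "active", "listener": "client", "ip": ip, "port": port}
    raise ValueError("not a PORT command or 227 reply: %r" % line)


def server_lets_data_in(conn, open_ports, passive_range=None):
    """Model a server-side firewall that accepts inbound TCP only on open_ports
    plus an optional (low, high) range reserved for passive data ports."""
    if conn["listener"] != "server":
        return True  # active mode: the server dials out from port 20
    if conn["port"] in open_ports:
        return True
    return bool(passive_range) and passive_range[0] <= conn["port"] <= passive_range[1]


if __name__ == "__main__":
    pasv = data_connection(SAMPLE_PASV_REPLY)
    print(pasv)
    print("only 20/21 open:", server_lets_data_in(pasv, {20, 21}))
    print("plus 49152-65535:", server_lets_data_in(pasv, {21}, (49152, 65535)))
```

Keeping the accepted range as narrow as the FTP daemon's configured passive port range limits what "high incoming TCP ports" exposes on the server.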