-----Original Message----- From: remote [mailto:remote@leat.ruhr-uni-bochum.de] Sent: Monday, April 19, 2004 1:00 PM

...

Check your "services option" in /etc/sysconfig/SuSefirewall2. FTP ports must be declared in the "EXT" services.

The ports 20 and 21 are declared in the "EXT" services.

...

Actually it is the other way round. You machine should have its high ports open and the server should have ports 20 and 21 open.

20 and 21 on the server are for active ftp, passive ftp would be 21 and unprivileged port

I don´t get that. I thought passive FTP is used so that I don´t have to keep these higher ports open if I only want to download stuff. If not, what´s the point ?

The point is all the connection are established by your machine. You can use connection tracking to securely open the high ports on your machine "by demand" The imho best explanation about active and passive ftp is http://slacksite.com/other/ftp.html HTH marc