22 Jan
2002
22 Jan
'02
02:28
Well, of course this is a possibility. But I'm not looking forward to explain all the users that they HAVE to use passive mode. I don't know what you work, but normally you have a few absolute Idiots in front of the PCs. And, what's more, I'd like to repair the cause, not to do workarounds at the symptoms :-)
Stephan
Well, from the security standpoint, passive mode is always preferrable as opposed to PORT mode. The reason is very simple: You don't really want some enitity outside to be able to open tcp connections to the inside. If you carefully send ftp protocol data through a ftp masquerading router, you can shoot open as many ports as you like. With some restrictions of course, but still. Roman.