echo: elebbs_support
to: All
from: Ioram Schechtman Sette
date: 2006-12-05 08:36:30
subject: RES: EleBBS: EleServ/FTP: PASV mode

* EleBBS Support List

Scott,

>> Doesn't the problem then show up on the server side if you're behind an
>> NAT?

> Active requires an open client and passive requires an open server.

> Intelligent NAT will be able to figure out which ports to open either
> way, so it depends on whether a static firewall is in use.

I think normally firewalls are configured to allow people connecting
outside, but block incoming requests. This behavior means the FTP server can't
establish connections to the client.

I think with PASV, where the connections always go from client to server, it
doesn't happen... I'm not an expert in the FTP protocol, so maybe I'm mistaken.

I suggest D. J. Bernstein's article about FTP security:
http://cr.yp.to/ftp/security.html
He writes about the weaknesses of the two modes.
He doesn't recommend FTP at all, but I think he prefers PASV, given his phrase:
"I recommend against all use of PORT."

I'm trying to use ftp behind ssl.
It works fine when testing at home (without firewalls), but at work, I can't
establish data connections. I think PASV shall solve this issue.

Regards,
Ioram Sette


_______________________________________________________________


--- Internet Rex 2.29
* Origin: The gateway at The Snake (2:280/4312.101)

SOURCE: echomail via fidonet.ozzmosis.com
