On Tue, Aug 22, 2000 at 09:03:59PM -0700, Nate Amsden wrote:
> ftp is a horrible protocol to try to firewall because of all the ports
> it uses, i suggest using the package 'iptraf' to see what ports are
> being used when you connect to it. there are 2 modes of ftp, passive and
> active. Switch your ftp client to PASSIVE mode and it should work (i just
> tried it) using unix ftp just type 'passive'. To get active mode

unfortunately i think there are some lame servers that do not support
PASV but i think they are becoming more rare..

> working you will have to forward thousands of ports most likely as i
> believe it uses a random port above 1024. You can also try to find a ftp
> server that forces the client into passive mode if you have users that
> won't know how to use passive. IMO though, ftp is insecure and i
> recommend using SSH w/scp to transfer files (it encrypts both the login
> and the data).

heh, i have gotten into a flamewar several times with someone i know
in irc conversations about the merits of scp over ftp, the problem is
he is a MacOS user who maintains web sites, he uses a MacOS ftp
program called Anarchie to upload the site. he refuses to consider
using scp instead since it is not `drag and drop'

there are also pesky windows lusers who use basically the same
excuse. trying to force scp on these people would result in a
lynching of the sysadmin ;-)

and yes i am aware of various kludges to enable ftplike attributes to
scp, the problem is those won't work with the specific ftp clients
(Anarchie) that these users demand to use. even sslized ftp is not an
option since these clients of course don't support that either...

so the way i see it we as sysadmins are not going to be able to kill
and bury ftp until there is a sftp implementation that is Free
(speech) and the popular ftp clients support that protocol (read
Anarchie on MacOS and whatever it is Win* lusers insist on)

/me who wants the OpenBSD guys to add a fourth grave for ftp to the
OpenSSH t-shirt.

-- 
Ethan Benson
http://www.alaska.net/~erbenson/
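Added example, not part of the original message: a Python sketch of the active/passive distinction discussed in this thread. It parses the FTP control-channel PORT command and the 227 (PASV) reply to show which side opens the data connection and to which port, which is what a firewall has to allow. The function names and the sample lines are constructed for illustration.

```python
import re

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959 host-port).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_endpoint(line):
    """Return (mode, ip, port, opener) for a PORT command or 227 reply, else None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode, opener = "active", "server"    # server connects back to the client
    elif line.startswith("227"):
        mode, opener = "passive", "client"   # client connects out to the server
    else:
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):           # each field must fit in one byte
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]           # data port = p1 * 256 + p2
    return mode, ip, port, opener


def firewall_note(line):
    """One-line summary of the extra connection a firewall has to allow."""
    ep = data_endpoint(line)
    if ep is None:
        return "no data-channel negotiation on this line"
    mode, ip, port, opener = ep
    direction = "inbound to the client" if opener == "server" else "outbound from the client"
    return f"{mode}: {opener} opens data connection to {ip}:{port} ({direction})"


# Constructed control-channel lines (documentation addresses, not a capture).
SAMPLE = [
    "USER anonymous",
    "PORT 192,0,2,10,195,80",
    "227 Entering Passive Mode (198,51,100,7,78,52)",
]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(f"{sample_line!r:52} -> {firewall_note(sample_line)}")
```

In active mode the port is chosen by the client and the connection arrives from outside, which is why it is the hard case behind a NAT or packet filter; in passive mode both connections originate from the client.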