OT: HELP! We need passive FTP to work

Randy Perry radknee at earthlink.net
Sun Oct 8 17:42:51 GMT 2000

We've got an internal FTP server running ProFTPD-1.2.0pre10 on Linux behind
a DSL/Cable router firewall. We have many computer-illiterate clients who
connect with passive FTP: 1. AOL users; 2. Netscape users; 3. Users behind
corporate firewalls.

It's my understanding that passive FTP on the client's end tries to initiate
connections on higher ports (not 20, 21) and that the port assignment varies
from system to system, so it's very hard to know which ports to open up.

But, I tested opening ALL ports by making the FTP server a DMZ host (meaning
all ports were forwarded to it from the router) and passive connections
still wouldn't work (actually they could connect, but an 'ls' command failed
with 'network unreachable'). Passive connections work fine if I take out the

So, we need some way for clients to get their files onto our server. If not
via FTP through some other method (e-mail isn't an optiion, as many ISPs
limit the size of attachments to a few MB).

I've heard it's pretty dangerous to open up SMB ports to the world. For our
Mac clients we may consider opening afpovertcp with DHX encryption.

Can anyone give advice how to solve the passive FTP problem or suggest an
alternative method of file xfer. SSH and SCP are out; installation, setup,
and use are just too complicated for non-computer people.

Randy Perry
rgp systems

Mac Consulting/Sales

More information about the samba mailing list