OT: HELP! We need passive FTP to work

Bruce bruce at toorak.com
Thu Oct 12 13:20:29 GMT 2000

/sbin/modprobe ip_masq_ftp
also you may need
/sbin/modprobe ip_masq_raudio

>We've got an internal FTP server running ProFTPD-1.2.0pre10 on Linux behind
>a DSL/Cable router firewall. We have many computer-illiterate clients who
>connect with passive FTP: 1. AOL users; 2. Netscape users; 3. Users behind
>corporate firewalls.
>It's my understanding that passive FTP on the client's end tries to initiate
>connections on higher ports (not 20, 21) and that the port assignment varies
>from system to system, so it's very hard to know which ports to open up.
>But, I tested opening ALL ports by making the FTP server a DMZ host (meaning
>all ports were forwarded to it from the router) and passive connections
>still wouldn't work (actually they could connect, but an 'ls' command failed
>with 'network unreachable'). Passive connections work fine if I take out the
>So, we need some way for clients to get their files onto our server. If not
>via FTP through some other method (e-mail isn't an optiion, as many ISPs
>limit the size of attachments to a few MB).
>I've heard it's pretty dangerous to open up SMB ports to the world. For our
>Mac clients we may consider opening afpovertcp with DHX encryption.
>Can anyone give advice how to solve the passive FTP problem or suggest an
>alternative method of file xfer. SSH and SCP are out; installation, setup,
>and use are just too complicated for non-computer people.
>Randy Perry
>rgp systems
>Mac Consulting/Sales

More information about the samba mailing list