[Zope] FTP server hangs on ls, put, get, ...
Paul Winkler
pw_lists at slinkp.com
Wed Oct 1 13:02:05 EDT 2003
On Wed, Oct 01, 2003 at 10:33:43AM -0400, Ian Beatty wrote:
> On Tue, 30 Sep 2003 15:02:39 -0400, Paul Winkler <pw_lists at slinkp.com> is
> reputed to have said:
>
> > Is the server behind a firewall?
> > I've never been able to get ftp working through a firewall.
>
> Yes, it is. I've got Zope's FTP running on 8021 and that port in the
> firewall is open.
>
> Hmmm... I just tried turning off the firewall entirely, and FTP works. So
> maybe it's a firewall issue and not a Zope issue after all. My commercial
> service provider for a different Zope site I manage (Zettai.net) has FTP
> working, and they're very security conscious, so they must have figured out
> how to make it work.
>
> If anyone listening can tell me what firewall rules I'll need, I'd be
> grateful. Since it's no longer a Zope-specific issue, maybe you should just
> email me off-list.
Well, I think this is relevant to zope...
I'd be very curious to know what zettai does since I've never been
able to get it to work. I seem to recall that my problems were compounded
by the address in question being NATted. Don't remember for sure.
The problem is that ftp is a stupid protocol that uses two ports,
and you never know ahead of time what the second port is going to be,
so you can't tell the firewall what port(s) to leave open for ftp.
Some people suggest "passive mode" on the client but that doesn't
help: it just means that the client, not the server, determines
what the second port will be.
This document may help:
http://slacksite.com/other/ftp.html
--
Paul Winkler
http://www.slinkp.com
Look! Up in the sky! It's POSITRONICMEGAPOODLE TEACHER TAMBOURINE!
(random hero from isometric.spaceninja.com)
More information about the Zope
mailing list