[Zope] FTP server hangs on ls, put, get, ...
roseg at apsis.ch
Wed Oct 1 13:13:55 EDT 2003
On Wednesday 01 October 2003 19:02, Paul Winkler wrote:
> On Wed, Oct 01, 2003 at 10:33:43AM -0400, Ian Beatty wrote:
> > On Tue, 30 Sep 2003 15:02:39 -0400, Paul Winkler <pw_lists at slinkp.com> is
> > reputed to have said:
> > > Is the server behind a firewall?
> > > I've never been able to get ftp working through a firewall.
> > Yes, it is. I've got Zope's FTP running on 8021 and that port in the
> > firewall is open.
> > Hmmm... I just tried turning off the firewall entirely, and FTP works. So
> > maybe it's a firewall issue and not a Zope issue after all. My commercial
> > service provider for a different Zope site I manage (Zettai.net) has FTP
> > working, and they're very security conscious, so they must have figured
> > out how to make it work.
> > If anyone listening can tell me what firewall rules I'll need, I'd be
> > grateful. Since it's no longer a Zope-specific issue, maybe you should
> > just email me off-list.
> Well, I think this is relevant to zope...
> I'd be very curious to know what zettai does since I've never been
> able to get it to work. I seem to recall that my problems were compounded
> by the address in question being NATted. Don't remember for sure.
> The problem is that ftp is a stupid protocol that uses two ports,
> and you never know ahead of time what the second port is going to be,
> so you can't tell the firewall what port(s) to leave open for ftp.
> Some people suggest "passive mode" on the client but that doesn't
> help: it just means that the client, not the server, determines
> what the second port will be.
> This document may help:
The description is correct (FTP uses several ports) and the usual solution
involves an FTP proxy in conjunction with a range of ports that are allowed
for its use. Thus you need:
- firewall that allows connecting to ports 20, 21 and some other range (lets
- an FTP proxy that is told to use this extra range for its connections.
- possibly a port redirection to the proxy
And yes, FTP is a stupid (and insecure) protocol...
Postfach, Uetikon am See, CH-8707
Tel: +41-1-920 4904
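
Added example, not part of the original message: a diagnostic that parses the data-channel address a server announces in its passive-mode 227 reply and checks it against the extra port range the firewall leaves open, also flagging the NAT mismatch mentioned in the thread. The port range, function names, addresses and sample replies are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed firewall policy (hypothetical values, not from the thread):
# the extra data-port range opened alongside the control port.
ALLOWED_DATA_PORTS = range(50000, 50101)

PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv(reply):
    """Return (ip, port) from '227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)'."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return host, nums[4] * 256 + nums[5]  # data port = p1*256 + p2

def check_data_channel(reply, control_peer, allowed=ALLOWED_DATA_PORTS):
    """List the reasons a firewall or NAT would break this data connection."""
    host, port = parse_pasv(reply)
    problems = []
    if port not in allowed:
        problems.append("data port %d is outside the allowed range %d-%d"
                        % (port, allowed[0], allowed[-1]))
    if host != ipaddress.ip_address(control_peer):
        why = "private (NAT) address" if host.is_private else "different address"
        problems.append("server advertises %s %s, control connection is to %s"
                        % (why, host, control_peer))
    return problems

# Constructed sample replies; 203.0.113.10 is a documentation address.
SAMPLES = [
    "227 Entering Passive Mode (203,0,113,10,195,90)",  # inside the range
    "227 Entering Passive Mode (203,0,113,10,31,87)",   # outside the range
    "227 Entering Passive Mode (192,168,1,5,195,100)",  # NATted server
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(line, "->", check_data_channel(line, "203.0.113.10") or "ok")
```

The same check works against a live session by feeding it the 227 line from the FTP client's debug output together with the address the control connection was opened to.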