Kent, If possible, I'd like you to check whether the FTP server is trying to make the connection from a port other than 20. Then try out a different FTP server that is working through the firewall (on active mode connections) and see if it connects from port 20. If so, we have found the problem. The solution is not obvious to me, however, considering the restriction of allocation of ports below 1024. Guidance is welcome... Shane Kent Polk wrote:
I believe we discovered a problem with ZServer's ftp server. (Zope 2.1.6)
I posted the following to the collector: http://classic.zope.org:8080/Collector/1257/view
Has anyone else seen this problem? :
---------------------- It appears that ZServer's active ftp mode may be broken, but probably is only noticed when used in conjunction with a firewall. Ftp Passive mode operates as expected and active mode operates as long as there is no firewall.
Observations (Active mode): - client connects, instructs server regarding data port to use. - server appears to never send port 20 reply to client, which is required by the firewall to know that the data port needs to be opened. - client waits on data port. If no firewall, the connection is made. If firewall is blocking high port numbers, the firewall never is instructed to open the data port which is indicated by the server port 20 response (that is never sent), so no connection is made.
I saw a number of discussions regarding this topic that indicated that improper DNS configuration was causing the problem. However, this is not the problem in our case. We first noticed that all passive (PASV) mode ftp clients worked correctly, then noticed that all ftp clients on the same subnet or outside the firewall worked correctly, then noticed that active clients inside the firewall were never receiving the port 20 response and that the firewall was blocking the data port from the server.
Comments?
_______________________________________________ Zope-Dev maillist - Zope-Dev@zope.org http://lists.zope.org/mailman/listinfo/zope-dev ** No cross posts or HTML encoding! ** (Related lists - http://lists.zope.org/mailman/listinfo/zope-announce http://lists.zope.org/mailman/listinfo/zope )