On Sun, Feb 22, 2004 at 10:05:22AM -0800, Robert Jean wrote:
> The problem is, I suspect as per the FTP protocol, the client decides the local socket of the data channel (not very good for firewall support). However, I have been successful with other standard FTP servers using similar treatment. Is there a resolution to this issue?

You may have to tell the firewall that port 8021 (or whatever you've configured as the Zope FTP port) carries FTP traffic, so that it can do the necessary magic to track FTP connections and dynamically allow data connections established from an FTP control connection. For iptables on Linux this can be done like this (on the FTP server):

    modprobe ip_conntrack_ftp ports=21,8021

That tells the FTP connection tracking module to watch both port 21 (the default) and 8021 (the Zope FTP port). The Cisco router/firewall may have a corresponding incantation.

--
Fred Yankowski      fred@ontosys.com      tel: +1.630.879.1312
OntoSys, Inc        PGP keyID: 7B449345   fax: +1.630.879.1370
www.ontosys.com     38W242 Deerpath Rd, Batavia, IL 60510-9461, USA
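
Added example (not part of the original message, and not kernel code): a simplified Python model of what an FTP connection-tracking helper does, showing why the Zope port has to be listed in ports=. The sample session, the addresses and all function names are constructed for illustration; a real helper also validates the announced address and tracks more commands.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by the PORT command and the 227 (PASV) reply (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) announced by a PORT command or a 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet: never open a hole for it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expected_data_connections(packets, helper_ports):
    """packets: (server_port, control_line) pairs seen by the firewall.
    Only control connections on helper_ports are inspected at all."""
    expected = set()
    for server_port, line in packets:
        if server_port not in helper_ports:
            continue  # not registered as FTP: payload is never parsed
        endpoint = parse_hostport(line)
        if endpoint:
            expected.add(endpoint)
    return expected

def firewall_allows(data_conn, expected):
    """Model of a RELATED-style rule: only announced data endpoints pass."""
    return data_conn in expected

# Constructed sample: passive-mode session against a Zope FTP server on port 8021.
SAMPLE = [
    (8021, "USER anonymous"),
    (8021, "PASV"),
    (8021, "227 Entering Passive Mode (192,0,2,10,195,80)"),
]

if __name__ == "__main__":
    for ports in ({21}, {21, 8021}):
        exp = expected_data_connections(SAMPLE, ports)
        print(sorted(ports), "->", firewall_allows(("192.0.2.10", 50000), exp))
```

With only port 21 registered the 227 reply on port 8021 is never parsed, so the data connection to port 50000 is not recognised as related to the control connection.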