Cannot get file listing via Zope FTP on Windows 2000 Server
Hello,

I have been developing a project for a client with Zope 2.6 /CMF 1.3/Plone 1 RC2 on Unix systems with no problems. It came time to move the project over to the client's Windows 2000 server (using the Plone 1.0 RC2 installer) and everything went fairly smoothly, but I can't seem to FTP to Zope (and I depend rather heavily on my FTP/Text editor).

According to my FTP log my FTP clients can login just fine, but cannot get a file listing. I get a dialog that says "Connection refused (ECONNREFUSEDErr) (-3260)". The user that I am logging in as has Full access to the entire site. Their IT staff is redirecting traffic from an external IP address to an internal IP address (they assure me that there is no port filtering/fire-walling going on). I have tried active and passive ftp. The port is set to 8021. I can see the port from my machine.

Any suggestions would be greatly appreciated.

Thanks,
Michael

Here is a log of my FTP transaction:

220 webserver FTP server (Medusa Async V1.21 [experimental]) ready.
USER xxxxxxx
331 Password required.
PASS ******************************
230 Login successful.
PWD
257 "/" is the current directory.
MACB E
500 'MACB': command not understood.
TYPE A
200 Type set to ASCII.
PASV
227 Entering Passive Mode (xxx,xxx,xxx,xxx,xx,xxx)
LIST
150 Opening ASCII mode data connection for file list
QUIT

also sprach Michael LaPera <michael@lapera.com> [2003.02.04.2023 +0100]:
227 Entering Passive Mode (xxx,xxx,xxx,xxx,xx,xxx)
Tell your FTP client to not enter passive mode. I think the Zope FTP Server does not support it..

-- martin; (greetings from the heart of the sun.)
\____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck

NOTE: The pgp.net keyservers and their mirrors are broken! Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc

"i believe that the moment is near when by a procedure of active paranoiac thought, it will be possible to systematize confusion and contribute to the total discrediting of the world of reality." -- salvador dali

Martin,

Unfortunately, I've had no success with passive mode turned off either....

Michael LaPera

On Tuesday, February 4, 2003, at 06:15 PM, martin f krafft wrote:
also sprach Michael LaPera <michael@lapera.com> [2003.02.04.2023 +0100]:
227 Entering Passive Mode (xxx,xxx,xxx,xxx,xx,xxx)
Tell your FTP client to not enter passive mode. I think the Zope FTP Server does not support it..
-- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck
NOTE: The pgp.net keyservers and their mirrors are broken! Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc
"i believe that the moment is near when by a procedure of active paranoiac thought, it will be possible to systematize confusion and contribute to the total discrediting of the world of reality." -- salvador dali

Am Dienstag, 04.02.03, um 20:23 Uhr (Europe/Zurich) schrieb Michael LaPera:
According to my FTP log my FTP clients can login just fine, but cannot get a file listing. I get a dialog that says "Connection refused (ECONNREFUSEDErr) (-3260)". The user that I am logging in as has Full access to the entire site. Their IT staff is redirecting traffic from an external IP address to an internal IP address (they assure me that there is no port filtering/fire-walling going on). I have tried active and passive ftp. The port is set to 8021. I can see the port from my machine.
Michael,

ftp is not behaving when both sides are behind Firewalls and NAT. They are using NAT, and I guess you are behind a firewall. (NAT - Network Address Translation -- is the "redirecting" thingy their IT staff is using, which in this case has the same effect as a firewall). The problem is that one of the sides has to open an arbitrary port and tell the other side that port number to connect to. 8021 is just the "command" port of ftp.

If the client is behind a firewall, they have to use passive mode, which means the server has to open that "other" port. If the client is on active mode, this means she is opening the "other" port.

What you experience is that both sides are behind a firewall or a NAT. Then the ftp "command channel" gets through (you can type commands and get replies for them), but the data connection will be blocked by whatever side has the responsibility to open an "arbitrary" port. This is because the NAT device does not know which machine to forward your randomly chosen port for the data connection to. And the firewall (that I guess you are behind) does not allow just any connection to a random port.

ftp is broken and unsafe.

Suggestions:
- move one side out of the firewall/NAT (not really)
- shoot a big enough hole through your firewall, wherever your ftp client is opening those randomly chosen ports (IIRC they're often in the range 10000-20000 but I could be totally off) (not really either)
- maybe a ftp proxy "inbetween" the two would work, but I don't really know
- use WebDAV, preferably through https, or through an ssh tunnel (but the ssh tunnel is probably not possible to a Windows box)

I hope this helped (but I don't really think it did).

Regards,
Sascha

-- Sascha Welter <mailto:welter@network-ag.com> Network AG Programmer, Sysop, IT-Support, BOFH Ruetistrasse 17 Tel. 01 755 40 20 CH-8952 Schlieren <http://www.network-ag.com> PGP/GPG ID: E0EAFC8A 067B 60E1 CB03 50CE D781 42E9 A583 AAF4 E0EA FC8A

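Added example, not part of the original thread: a small diagnostic that decodes a "227 Entering Passive Mode" reply like the one in the log above and compares the advertised data address with the address the command connection actually reached, which is where the NAT problem described in the reply shows up. The sample replies and IP addresses used with it are constructed, since the thread's own reply is redacted; the function names are hypothetical.

```python
import ipaddress
import re

# A 227 reply carries h1,h2,h3,h4,p1,p2: four address octets and two port bytes.
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# RFC 1918 ranges, i.e. addresses that only make sense inside the server's LAN.
_RFC1918 = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_internal(ip):
    return any(ip in net for net in _RFC1918)


def parse_pasv(reply):
    """Return (ip, port) advertised by the server for the data connection."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    m = _PASV_RE.search(reply)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("value out of range in %r" % reply)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def diagnose(reply, control_peer):
    """Classify the advertised endpoint against the command-channel peer.

    Returns (verdict, address_to_try, port). address_to_try is always the
    command-channel peer: the only address the client is known to reach.
    """
    ip, port = parse_pasv(reply)
    peer = ipaddress.IPv4Address(control_peer)
    if ip == peer:
        # Address is fine; the NAT device must still forward `port` inward.
        return "ok-address", peer, port
    if is_internal(ip) and not is_internal(peer):
        # Server behind NAT announced its LAN address to an outside client.
        return "internal-address-leaked", peer, port
    return "address-mismatch", peer, port


if __name__ == "__main__":
    # Constructed sample: server on 192.168.1.10 reached via 203.0.113.5.
    print(diagnose("227 Entering Passive Mode (192,168,1,10,39,16)", "203.0.113.5"))
```

A verdict of "ok-address" only rules out the address problem; the data port in the reply still has to be forwarded by the NAT device and allowed by any firewall in between.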
Sascha,

Thank you.... Your information is VERY helpful and you are absolutely correct in your assumptions. I am behind a double Firewall (using NAT at the router and workstation) and it makes sense that they would be using NAT to pass through the IP address. I will try out your suggestions.

Thank you again,
Michael

On Thursday, February 6, 2003, at 04:33 PM, Sascha Welter wrote:
Am Dienstag, 04.02.03, um 20:23 Uhr (Europe/Zurich) schrieb Michael LaPera:
According to my FTP log my FTP clients can login just fine, but cannot get a file listing. I get a dialog that says "Connection refused (ECONNREFUSEDErr) (-3260)". The user that I am logging in as has Full access to the entire site. Their IT staff is redirecting traffic from an external IP address to an internal IP address (they assure me that there is no port filtering/fire-walling going on). I have tried active and passive ftp. The port is set to 8021. I can see the port from my machine.
Michael,
ftp is not behaving when both sides are behind Firewalls and NAT. They are using NAT, and I guess you are behind a firewall. (NAT - Network Address Translation -- is the "redirecting" thingy their IT staff is using, which in this case has the same effect as a firewall). The problem is that one of the sides has to open an arbitrary port and tell the other side that port number to connect to. 8021 is just the "command" port of ftp.
If the client is behind a firewall, they have to use passive mode, which means the server has to open that "other" port. If the client is on active mode, this means she is opening the "other" port.
What you experience is that both sides are behind a firewall or a NAT. Then the ftp "command channel" gets through (you can type commands and get replies for them), but the data connection will be blocked by whatever side has the responsibility to open an "arbitrary" port. This is because the NAT device does not know which machine to forward your randomly chosen port for the data connection to. And the firewall (that I guess you are behind) does not allow just any connection to a random port.
ftp is broken and unsafe.
Suggestions:
- move one side out of the firewall/NAT (not really)
- shoot a big enough hole through your firewall, wherever your ftp client is opening those randomly chosen ports (IIRC they're often in the range 10000-20000 but I could be totally off) (not really either)
- maybe a ftp proxy "inbetween" the two would work, but I don't really know
- use WebDAV, preferably through https, or through an ssh tunnel (but the ssh tunnel is probably not possible to a Windows box)
I hope this helped (but I don't really think it did).
Regards,
Sascha
-- Sascha Welter <mailto:welter@network-ag.com> Network AG Programmer, Sysop, IT-Support, BOFH Ruetistrasse 17 Tel. 01 755 40 20 CH-8952 Schlieren <http://www.network-ag.com> PGP/GPG ID: E0EAFC8A 067B 60E1 CB03 50CE D781 42E9 A583 AAF4 E0EA FC8A
_______________________________________________ Zope maillist - Zope@zope.org http://mail.zope.org/mailman/listinfo/zope ** No cross posts or HTML encoding! ** (Related lists - http://mail.zope.org/mailman/listinfo/zope-announce http://mail.zope.org/mailman/listinfo/zope-dev )