The only solution I've found is to open a whole range of high-numbered ports in my firewall. I don't remember the exact range that we used, but I could look it up if you'd like. (Yeah, this isn't ideal from a security point of view, but it lets me get my work done.) ..Ian On Sat, 17 Jul 2004 19:34:52 +0200, robert rottermann <robert@redcor.ch> wrote:

Hi there,

For some time (since I updated to 2.7) I can not reach my sites that are behind a firewall.

Both, client and server use Linux (SuSe 9.1 and 8.2)

Here a typical session:

robert@salome:~> ftp salome.redcor.net 8121 Connected to zope3.aemmenet.ch. 220 zope3 FTP server (Medusa Async V1.23 [experimental]) ready. Name (salome.redcor.net:robert): 331 Password required. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> passive Passive mode: off; fallback to active mode: off. ftp> passive on Passive mode: on; fallback to active mode: off. ftp> ls 500 'EPSV': command not understood. 227 Entering Passive Mode (193,246,254,160,67,11)

And then nothing happens anymore..

From the FTP documentation I learned that passive FTP negotiates a second control board which is in the case of the given example

67 * 256 +11 = 17163.

This port is blocked by the firewall.

I do not know who is setting this port (client or server) and how to control the range from which is selected.

Any help is appreciated

Robert