[Zope] Re: Zope Digest, Vol 10, Issue 3

Sascha Welter zopelist at betabug.ch
Thu Mar 3 09:39:48 EST 2005


(Thu, Mar 03, 2005 at 08:48:25AM -0500) zope-request at zope.org wrote/schrieb/egrapse:
> From: Michael.Kaplan at t-online.de
> Subject: [Zope] firewall and passive ftp

> I have a problem using Zope-ftp with our firewall.
> 
> With passive ftp one cannot know which ports are
> being used for communication.
> 
> Port 8021 is open and works. Ftp on the local machine
> works as well (passive and active).
> 
> Opening all high ports on the firewall is not an
> option.

Hi!

ftp just does not work with firewalls or NAT on both ends. It's the
second oldest protocol on the Internet and deserves to be retired.

Answer from Sascha Ottolski <sascha.ottolski at gallileus.de>
> in theory, a ssh-tunnel should do the trick. that said, I never made it work, 
> neither with active nor passive ftp :-(

Excuse me if I correct this mistake: ftp does not let itself tunnel 
through ssh. You can tunnel the command channel, but the data channel(s)
will continue to raise the same trouble with the ports. Grumpy old
protocol does not like a straightjacket.

Zope Corporation seems to have made an sftp Gateway, haven't tried it,
but it should do what the original poster needs:
<http://twistedmatrix.com/pipermail/twisted-python/2003-December/006839.html>
and:
<http://cvs.zope.org/Packages/SFTPGateway/>

> however, webdav over a ssh-tunnel works pretty well.

Agreed & should be much more elegant.

Regards,

Sascha (another one)
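
Added illustration, not part of the original message or of Zope's code: the passive-mode replies (227 for PASV, 229 for EPSV) are where the server names the data-channel endpoint, which is why opening or ssh-forwarding only control port 8021 is not enough. The sample replies are constructed, and the function names `data_endpoint` and `data_channel_problems` are hypothetical.

```python
import re

# Constructed sample replies (not captured from a real server).
SAMPLE_PASV = "227 Entering Passive Mode (192,168,1,10,195,80)"
SAMPLE_EPSV = "229 Entering Extended Passive Mode (|||50000|)"

# 227 carries h1,h2,h3,h4,p1,p2; 229 carries only a port between delimiters.
PASV_RE = re.compile(r"^227 .*?" + ",".join([r"(\d{1,3})"] * 6))
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, control_host):
    """Return (host, port) the client will open the data connection to."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(n) for n in m.groups()]
        if any(n > 255 for n in nums):
            raise ValueError("field out of range in 227 reply")
        # The port is split into two bytes: p1 * 256 + p2.
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            raise ValueError("port out of range in 229 reply")
        # EPSV gives no address: the client reuses the control host.
        return control_host, port
    raise ValueError("not a 227/229 passive-mode reply")


def data_channel_problems(reply, control_host, open_ports):
    """List the reasons the data connection fails or leaves the protected path.

    control_host: address the client used for the control connection
                  (127.0.0.1 when the control port is ssh-forwarded).
    open_ports:   ports the firewall or the tunnel actually passes.
    """
    host, port = data_endpoint(reply, control_host)
    problems = []
    if port not in open_ports:
        problems.append(f"data port {port} is not open/forwarded")
    if host != control_host:
        # Seen with NAT (server advertises an internal address) and with a
        # tunnelled control channel (data goes straight to the server).
        problems.append(f"data goes to {host}, not to {control_host}")
    return problems


if __name__ == "__main__":
    for reply in (SAMPLE_PASV, SAMPLE_EPSV):
        print(reply, "->", data_channel_problems(reply, "127.0.0.1", {8021}))
```
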


