ircd-hybrid-7.1beta1 link

Jonathan R. Lusky lusky at boost.blown.net
Thu Jul 29 13:22:52 EDT 2004


I'm sure the blackend problem is a firewall rule error and I've asked them
to look into it.  

As for allowing in all traffic from port 20 (at the client's firewall)
to make active FTP work, that's generally a really bad idea.  The correct
solution is to use a stateful firewall with an FTP ALG that will
dynamically open holes for the reverse connection.  

Paul-Andrew Joseph Miseiko writes:
> You are probably correct about wget using active by default however fetch
> will use the environment variable "FTP_PASSIVE_MODE" to determine if it
> should use passive or active.
> 
> I have intentionally disabled active ftp for years and noticed just last
> week that blackened for some odd reason goes against the trend and does not
> support passive mode.  Maybe they want to be the opposite of
> ftp.microsoft.com which supports passive mode but not active mode. :)
> 
> To enable active FTP on your firewall all you need to do is allow incoming
> packets from port 20 (default circumstancesddddddddddddr(was trying to get a
> breadcrumb from between two keys there)).  People probably know now why
> people disable active FTP support.  ;)
> 

-- 
Jonathan R. Lusky                             lusky at blown.net
http://www.blown.net/
-------------------------------   --------------------------------------
68 Camaro Convt - 350 / TH350  \_/ 2000 Mustang GT Convt - 4.6SOHC / T45



More information about the hybrid mailing list