>you're right, the default behaviour is that an FTP-server returns a
>high-port. What the author of the previous message probably was
>referring to is that along with firewall-friendly FTP (RFC1579) a lot of
>FTP-servers added the functionality to restrict the range of high-ports
>returned (ie. only ports ranging form 3000 up to 3500) to avoid that
>users with less sofisticated firewalls have to open up all high-ports to
>the outside-world (which is a risk because ie xterm uses high-ports).
Thank you, Dirk, I don`t know about this RFC specification.
It is no more logical connect internal ftp server directly to firewall?
As I understand Delegate concept it is deliver outside services to internal
clients in comfortable for clients manner.
>If an FTP-server that supports this port-range is proxied by a delegate,
>this FTP-server loses the advantage of limited port-range and the user
>is forced to open up his firewall.
>Currently the delegate (setupPASV in inets.c I believe) doesn't support
>this, though it seems like an interesting feature to me.
Another way - mount internal FTP on external Delegate - permit interaction
only between these two hosts. And full access worldwide clients to external
Vadim Mironov, Almaty, Kazakhstan
Design department, Halyk Savings Bank of Kazakhstan.