Article delegate-en/1193 of [1-5169] on the server localhost:119
  upper oldest olders older1 this newer1 newers latest
search
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]

Newsgroups: mail-lists.delegate-en

[DeleGate-En] Re: Portrange for passive FTP (not supported)
08 Jun 2001 02:27:50 GMT ppmcabdyi-vss2ysvaer3r.ml@ml.delegate.org


>Vadim,
>you're right, the default behaviour is that an FTP-server returns a
>high-port. What the author of the previous message probably was
>referring to is that along with firewall-friendly FTP (RFC1579) a lot of
>FTP-servers added the functionality to restrict the range of high-ports
>returned (ie. only ports ranging form 3000 up to 3500) to avoid that
>users with less sofisticated firewalls have to open up all high-ports to
>the outside-world (which is a risk because ie xterm uses high-ports).
 
Thank you, Dirk, I don`t know about this RFC specification.
It is no more logical connect internal ftp server directly to firewall?
As I understand Delegate concept it is deliver outside services to internal
clients in comfortable for clients manner.
 
>
>If an FTP-server that supports this port-range is proxied by a delegate,
>this FTP-server loses the advantage of limited port-range and the user
>is forced to open up his firewall.
>
>Currently the delegate (setupPASV in inets.c I believe)  doesn't support
>this, though it seems like an interesting feature to me.
 
Another way - mount internal FTP on external Delegate - permit interaction 
only between these two hosts. And full access worldwide clients to external 
Delegate.
 
Vadim Mironov,  Almaty, Kazakhstan
Design department, Halyk Savings Bank of Kazakhstan.
 


  admin search upper oldest olders older1 this newer1 newers latest
[Top/Up] [oldest] - [Older+chunk] - [Newer+chunk] - [newest + Check]
@_@V