[Zope-dev] ZServer Ftp Active mode through firewall

Kent Polk kent@goathill.org
Thu, 18 May 2000 16:08:44 -0500 (CDT)


Shane Hathaway wrote:
> Kent Polk wrote:
> > If we could simply solve this problem by replacing our active ftp
> > clients with passive ones, it would be great, but it still doesn't
> > solve the problem of clients *elsewhere* which are running behind
> > a firewall and attempting to contact our server...
> 
> One possible way to solve this is to use an FTP proxy.  A quick search
> at freshmeat.net yielded:
> 
> http://www.mcknight.de/jftpgw/

Now this gets really convoluted... :^( We have it up and running,
but user/permissions/role translation quickly turns into a really
bad nightmare.

Why can't root launch ZServer and have port 20 permissions? jftpgw
has to do that to have active ftp work anyway. Why add yet another
Point of Entry/Confusion? As I mentioned earlier, why not have it
respond on port 20 if it has permissions, otherwise respond via
high port#??

What am I missing here?