On 9/1/05, Simon Farnsworth <[EMAIL PROTECTED]> wrote:
> There's only two ways to get FTP+SSL past a firewall that would otherwise
> filter it:
>
> 1) Drop firewalling for a range of ports used for FTP+SSL connections. For
> example, open 65000-65535 for incoming, and configure your endpoints to listen
> there (clients in the case of active FTP, servers in the case of passive).
> 2) Write a man-in-the-middle proxy, that talks FTP+SSL to the remote end,
> decrypts it, then talks FTP+SSL to the local end. The local end then needs to
> be configured to accept the proxy's certificate for everything, and can't
> validate the remote certificate (it has to trust the proxy to do that).

2b) Use TLSWrap, http://tlswrap.sunsite.dk/

To quote the web site "TLSWrap is a TLS/SSL FTP wrapper/proxy for UNIX and
Windows, allowing you to use your favourite FTP client with any TLS/SSL-enabled
FTP server."

Basically, this does cleartext FTP on the inside and talks TLS to the Internet.

Kevin Kadow