Try using the ftp-proxy daemon. The proxy will take care of what ports need to be open and close them when they are not needed. It will make your life easier.
Ftp-proxy "how to" (forward and reverse)
http://calomel.org/ftp_proxy.html

--
Calomel @ http://calomel.org
Open Source Research and Reference

On Thu, Nov 29, 2007 at 01:20:42PM -0800, Doug Milam wrote:
>Greetings,
>
>I'm having trouble getting FTP to work in passive mode. (I've set the machine
>up as an FTP server).
>
>I can connect in active mode, with a PORT connection, but I'm seeing a 425
>error ("can't open passive connection; can't assign requested address") for
>passive attempts.
>
>The FTP server is 'self-protected' by pf and I've got one high port assigned
>in addition to 21, of course. I chose to restrict the high port to one port
>rather than a range. I've also set this in sysctl.conf.
>
>The machine also sits on a LAN behind a router which currently only allows in
>port 21, but allows out everything.
>
>Suggestions welcome!
>
>
>--
>Be aware. Stay present. Speak honestly.
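
An added example, not part of the original thread: a small check of what a passive-mode reply asks the network to allow, which is the bookkeeping the reply above says the proxy handles. The sample replies, the high port 50000 and the addresses are constructed; the thread does not give the real values.

```python
import ipaddress
import re

# RFC 1918 ranges: unreachable for a client outside the LAN.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 959 PASV reply: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (IPv4Address, port) advertised in a 227 reply."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227 ") or m is None:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("octet out of range in %r" % reply)
    host = ipaddress.IPv4Address("%d.%d.%d.%d" % (h1, h2, h3, h4))
    return host, p1 * 256 + p2  # data port is p1*256 + p2


def check_passive(reply, inbound_ports, client_outside_lan=True):
    """List the reasons the data connection would fail; empty means OK."""
    host, port = parse_pasv(reply)
    problems = []
    if port not in inbound_ports:
        problems.append("data port %d is not allowed inbound" % port)
    if client_outside_lan and any(host in net for net in RFC1918):
        problems.append("server advertises private address %s" % host)
    return problems


if __name__ == "__main__":
    # Constructed sample replies and rule sets, not taken from the thread.
    lan_reply = "227 Entering Passive Mode (192,168,1,10,195,80)"
    wan_reply = "227 Entering Passive Mode (203,0,113,5,195,80)"
    print(check_passive(lan_reply, {21}))          # router forwards 21 only
    print(check_passive(wan_reply, {21, 50000}))   # high port forwarded too
```

Run it against the 227 line captured from a client session and the set of ports the router and pf actually pass inbound.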