netbsd-users: Re: Getting to ftp.netbsd.org

Subject: Re: Getting to ftp.netbsd.org
To: Steven M. Bellovin <smb@research.att.com>
From: Louis Guillaume <lguillaume@berklee.edu>
List: netbsd-users
Date: 05/07/2003 19:25:47

Steven M. Bellovin wrote:

> In message <3EB984D9.8090403@berklee.edu>, "Louis Guillaume" writes:
> 
>>Hello,
>>
>>I've been having a great big fight with my network admin over access to 
>>ftp.netbsd.org (or anoncvs) through our Checkpoint Firewall. It's 
>>version "NG - patch level 4".
>>
>>The session looks like this...
>>
>># ftp -a ftp.netbsd.org
>>Trying 2001:4f8:4:b:2e0:81ff:fe21:6563...
>>ftp: connect to address 2001:4f8:4:b:2e0:81ff:fe21:6563: No route to host
>>Trying 204.152.184.75...
>>Connected to ftp.netbsd.org.
>>220 ftp.netbsd.org FTP server (NetBSD-ftpd 20020615) ready.
>>331 Guest login ok, type your name as password.
>>230-
>>421 Service not available, remote server has closed connection.
>>ftp: Login failed.
>>ftp>
>>
> 

Thanks very much for this fix. The problem I forsee, is that my Network 
admin will look at this doc from Checkpoint...

http://www.checkpoint.com/techsupport/alerts/pasvftp.html

... and say that it's a security issue, and that we would be de-grading 
the firewall.

Does the ftp server actually need to be patched?

Louis