I believe the term you want to search for in your firewall documentation is "keep state".

-Tim


theo borm wrote:
> Hi,
> 
> This is probably not an ftp mirror problem.
> 
> FTP is a bit of a nasty protocol - in response to your request
> coming from one port, the server tries to open a "data channel"
> by connecting to a different port on your PC. A (presumably)
> NAT/PAT firewall allowing this must do more than just
> "opening" the right ports - it must know about FTP sessions.
> How to configure this is very much firewall-dependent.
> Most "hardware" firewalls should handle this out of the box
> though.
> 
> A workaround is the use of passive mode FTP. This is used
> (as far as I know) by most (don't know about safari) browsers'
> integrated FTP clients.
> 
> On a command line FTP client it can be switched on and
> off by entering "passive" (as a command).
> 
> If this helps you get the files you need, you may want to
> check your firewalls' settings.
> 
> Hope this helps..
> 
> cheers, Theo
> 
> Daniel R. Killoran,Ph.D. wrote:
> 
>> What ports must be open for the NetBSD ftp mirrors to permit  
>> downloads? I have ports 20,21 and 22 unblocked, but it still doesn't  
>> work. If I unblock everything, it works fine, but of course I don't  
>> want to do that!
>>
>> TIA,
>>
>> Dan Killoran
> 
> 
> 
> 

-- 
Timothy Musson
Zin Technologies
at NASA's Glenn Research Center
SAMS Software Lead
216-925-1181
mussont@zin-tech.com

NOTICE: The information contained in this E-mail and any attachments is subject to Export Administration Regulations (EAR) and must be handled in accordance with its EAR classification. If its EAR classification is not specified, the information contained in this E-mail and any attachments should not be disseminated to any non-U.S. person because the appropriate EAR classification may be more restrictive than "Public Domain."