Subject: Re: ports for ftp
To: None <Timothy.Musson@zin-tech.com>
From: Daniel R. Killoran,Ph.D. <drkilloran@speakeasy.net>
List: netbsd-help
Date: 08/01/2005 11:59:03
On Aug 1, 2005, at 11:18 AM, Timothy A. Musson wrote:

> I believe the term you want to search for in your firewall  
> documentation is "keep state".
>
> -Tim
>
>
> theo borm wrote:
>
>> Hi,
>> This is probably not an ftp mirror problem.
>> FTP is a bit of a nasty protocol - in response to your request
>> coming from one port, the server tries to open a "data channel"
>> by connecting to a different port on your PC. A (presumably)
>> NAT/PAT firewall allowing this must do more than just
>> "opening" the right ports - it must know about FTP sessions.
>> How to configure this is very much firewall-dependent.
>> Most "hardware" firewalls should handle this out of the box
>> though.
>> A workaround is the use of passive mode FTP. This is used
>> (as far as I know) by most (don't know about safari) browsers'
>> integrated FTP clients.
>> On a command line FTP client it can be switched on and
>> off by entering "passive" (as a command).
>> If this helps you get the files you need, you may want to
>> check your firewalls' settings.
>> Hope this helps..
>> cheers, Theo
>> Daniel R. Killoran,Ph.D. wrote:
>>
>>> What ports must be open for the NetBSD ftp mirrors to permit
>>> downloads? I have ports 20,21 and 22 unblocked, but it still
>>> doesn't work. If I unblock everything, it works fine, but of
>>> course I don't want to do that!
>>>
>>> TIA,
>>>
>>> Dan Killoran
>>>
>

Thanks all! A little "sniffing" revealed that ftp had grabbed a port  
in the 5100 range and insisted on using it for data transfer or  
something like that. Odd - I thought it used port 20 for that.  
Anyway, I have to open up that range to get ftp to work.

Dan Killoran
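
Added example, not part of the original thread: a Python sketch of the bookkeeping an FTP-aware ("keep state") firewall does, parsing the control-channel messages that negotiate the data connection (PORT/EPRT from the client, 227/229 replies from the server) to learn which port the data channel will use. Port 20 is only the server's source port in active mode; the other end is chosen per transfer. Function names, sample lines and addresses are constructed for illustration.

```python
import re

# RFC 959 form "h1,h2,h3,h4,p1,p2" (PORT command and 227 reply)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 forms: "EPRT |1|addr|port|" and "229 ... (|||port|)"
_EPRT = re.compile(r"\|[12]\|([^|]+)\|(\d{1,5})\|")
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

def data_endpoint(line):
    """Return (mode, host, port) negotiated by one control line, else None.

    active:  the server connects from its port 20 to host:port on the client.
    passive: the client connects to host:port on the server; host is None
             for EPSV, meaning the control connection's server address.
    """
    line = line.strip()
    verb = line[:4].upper()
    if verb == "PORT" or line.startswith("227"):
        m = _HOSTPORT.search(line)
        if not m:
            return None
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:          # each field is one byte
            return None
        mode = "active" if verb == "PORT" else "passive"
        return (mode, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5])
    if verb == "EPRT":
        m = _EPRT.search(line)
        if m and int(m.group(2)) <= 65535:
            return ("active", m.group(1), int(m.group(2)))
    elif line.startswith("229"):
        m = _EPSV.search(line)
        if m and int(m.group(1)) <= 65535:
            return ("passive", None, int(m.group(1)))
    return None

def data_channels(control_lines):
    """Collect every data-channel endpoint negotiated in a control session."""
    return [ep for ep in map(data_endpoint, control_lines) if ep]

# Constructed control-channel lines (private and documentation addresses).
SAMPLE = [
    "USER anonymous",
    "PORT 192,168,1,10,19,236",
    "227 Entering Passive Mode (203,0,113,5,195,80)",
    "EPRT |1|192.168.1.10|5101|",
    "229 Entering Extended Passive Mode (|||50001|)",
]
```

A stateful filter that tracks these messages can admit exactly one matching data connection per transfer instead of leaving a whole port range open.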