It would be hasslerrific to change the hardware firewall configuration
to allow the server to connect to my home computer over the VPN and
probably isn't an option at all for many VPN users, so that pretty much
leaves Passive-mode as the only option.

My co-worker thinks there might be an IPTABLES control for FTP (like
there is for our Amanda backup system) that temporarily opens a port in
the Linux firewall to allow traffic based on other traffic that the
firewall sees. I'll probably look into that option later this week.

Regarding the Windows client, I'm using Windows 2000 here at work and
its support for mapping WebDAV and FTP services stinks. Fortunately, I
found a nifty utility from Novell (quite old, but works) called
"NetDrive" that fills in the missing Windows functionality. I'm now
able to mount the Bricolage FTP Service as a drive letter, making it
possible to edit the templates using pretty much anything, including vi
for Cygwin (although I'm trying to transition to Eclipse).

-----Original Message-----
From: Harrison, George (FSH) [mailto:George.Harrison gov.mb.ca]
Sent: Wednesday, January 17, 2007 11:12 AM
To: users lists.bricolage.cc
Subject: RE: template development

Beaudet, David P. <mailto -Beaudet NGA.GOV> wrote on January 17, 2007 09:26 AM:

> Here's what's going on:
>
> There are two modes of data transfer for FTP: Active and Passive.
>
> ...
> Passive mode involves the server opening two ports -- the control
> port is fixed and the same as in active mode, but the data port is a
> random unprivileged port > 1024. Therefore, IPTABLES must be
> configured accordingly. The only working configuration I discovered
> was opening up all ports above 1024.

Can your firewall open up ports between your host and your client only?

If that works, you may still run into the problem that the Windows ftp
client doesn't do Passive, if you're working from a Windows client.

Regards
gh
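
The kind of control the co-worker describes exists in Linux as the netfilter FTP connection-tracking helper (ip_conntrack_ftp in kernels of this period, later nf_conntrack_ftp), used together with an iptables rule that accepts RELATED connections. The sketch below is an added example, not part of the original thread or of any project's code: a toy Python model of how such a helper reads the server's 227 reply on the control channel and admits only the announced data port, instead of opening every port above 1024. The class name, function names and IP addresses are constructed for illustration.

```python
import re

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2), data port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(line):
    """Return (ip, port) announced in a 227 reply, or None if not one."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpTracker:
    """Toy model of a stateful filter with an FTP helper (hypothetical class)."""

    def __init__(self, server_ip):
        self.server_ip = server_ip
        self.expected = set()  # (client_ip, port) pairs opened by a 227 reply

    def control_reply(self, client_ip, line):
        """Inspect one server-to-client line seen on the port 21 control channel."""
        ann = parse_pasv(line)
        # Ignore replies that advertise another host or a port of 1024 or below.
        if ann and ann[0] == self.server_ip and ann[1] > 1024:
            self.expected.add((client_ip, ann[1]))

    def allow_inbound(self, client_ip, dport):
        """Decide on a new inbound TCP connection to the server."""
        if dport == 21:
            return True
        if (client_ip, dport) in self.expected:
            self.expected.discard((client_ip, dport))  # one-shot expectation
            return True
        return False

def demo():
    # Constructed sample traffic using documentation address ranges.
    fw = FtpTracker("192.0.2.10")
    before = fw.allow_inbound("198.51.100.7", 50000)  # no 227 seen yet
    fw.control_reply("198.51.100.7", "227 Entering Passive Mode (192,0,2,10,195,80)")
    other = fw.allow_inbound("203.0.113.9", 50000)    # a different client
    first = fw.allow_inbound("198.51.100.7", 50000)   # the announced data port
    again = fw.allow_inbound("198.51.100.7", 50000)   # expectation already used
    return before, other, first, again

if __name__ == "__main__":
    print(demo())
```

Under this model the high port is reachable only by the client that was told about it, and only once, which is the difference from a blanket rule for all ports above 1024.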