On Mon, 2005-03-14 at 16:04, Bob Brennan wrote:

Snip

> Excellent! Thanks Rob - once one knows what to Google one can be enlightened...
>
> http://slacksite.com/other/ftp.html is a good tutorial.
>
> That answers all previous questions - but opens a new one, at least in
> my mind. Is it more secure to restrict ftp to Active mode only (hope I
> got it right way round this time Paul!) or to open all ports > 1024 so
> that Passive mode can be used? I always thought having ports open like
> that is a Bad Idea. I also note that the above reference link says
> that most ftp servers allow the admin to specify a _range_ of
> underprivileged(?) ports to be used, presumably one must then open the
> firewall to those ports.
>
> The document seems to say that Passive mode is there only to support
> clients that can't open their own ports>1024, which is an Active Mode
> requirement. I'm not sure if I'm more or less confused now than before
> - other than now knowing what the problem(s) is and how to get around
> it.
>
> bob

There are several ways around the need to permanently open ports >1024 for passive mode FTP. One way is to dynamically open the ports as and when required. Your FC3 firewall can do this. Try searching for iptables and ftp again; there are plenty of tutorials on how to do this.

Rob
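The two options discussed in this thread, a fixed passive port range versus ports opened dynamically by connection tracking, side by side as an added example that is not part of the original messages. It assumes the firewall runs on the FTP server itself; the function name `ftp_ruleset` and the range 50000-50100 are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for
# the INPUT chain of an FTP server, in one of two modes.
#   ftp_ruleset helper             data ports opened per session by conntrack
#   ftp_ruleset range 50000 50100  fixed passive range (constructed values)
# Check before loading:  ftp_ruleset helper | iptables-restore --test
#
# helper mode needs the FTP conntrack module loaded first:
#   modprobe ip_conntrack_ftp    (named nf_conntrack_ftp on later kernels)
# Kernels 4.7+ also need the helper assigned explicitly:
#   iptables -t raw -A PREROUTING -p tcp --dport 21 -j CT --helper ftp
ftp_ruleset() {
    mode=$1 lo=$2 hi=$3
    case $mode in
        helper) ;;
        range)
            for p in "$lo" "$hi"; do
                case $p in ''|*[!0-9]*) echo "ports must be numeric" >&2; return 1;; esac
            done
            [ "$lo" -ge 1024 ] && [ "$lo" -le "$hi" ] && [ "$hi" -le 65535 ] || {
                echo "need 1024 <= lo <= hi <= 65535" >&2; return 1; }
            ;;
        *) echo "usage: ftp_ruleset helper | range LO HI" >&2; return 1;;
    esac
    cat <<'EOF'
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
EOF
    # helper mode stops here: the module reads the 227 (PASV) reply on the
    # control connection and the matching data connection arrives as RELATED.
    if [ "$mode" = range ]; then
        # Static alternative: the range configured in the FTP server stays open.
        echo "-A INPUT -p tcp --dport $lo:$hi -m state --state NEW -j ACCEPT"
    fi
    echo COMMIT
}
```

In range mode the FTP server must be configured to hand out passive ports from the same range, as the tutorial linked above describes.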