Old 16.09.2008, 10:56
montymole9
Re: Swisscom Port Blocking?

It is quite possible that the "features" of FTP are the issue here, active versus passive port allocation. The server-based verification of client, reverse IP lookups, etc.

Outbound, NAT and stateful firewall (SPI) will cause problems on "cheaper" firewalls as they may not track the port allocations correctly.

Inbound, it depends, as port 21 is only used to initiate the connection; port 20 is used for data in passive and active will dynamically allocate a random port.

Anyway, FTP is in clear text for all parts: username, password and contents.

I would suggest using an SFTP server (from PuTTY or OpenSSH) and then you only need one port opening (port 22) and everything is encrypted.

Links using HTTP will use port 80 and will not use the FTP protocol, hence it is the same as a web page, only quite a bit larger ... 8-)

I'd steer clear of FTP unless you are happy to work out the issues which are many and random. It's an old and quirky protocol, it was designed long before firewalls were ever thought of ...
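An added example, not part of the original post: a sketch of the control-channel tracking a stateful firewall or NAT helper has to do for FTP, reading `PORT` commands and `227` replies to learn which data connection to expect. The function names, the sample session and the addresses (documentation ranges) are constructed for illustration.

```python
import re

# RFC 959 writes a data endpoint as h1,h2,h3,h4,p1,p2; the port is p1*256 + p2.
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply, or None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def expected_data_flows(control_lines, client_ip, server_ip):
    """List the data connections announced on the control channel.

    control_lines: (direction, line) pairs, direction "C" (client) or "S" (server).
    client_ip / server_ip: addresses as seen on the firewall's public side.
    Returns tuples (mode, initiator_ip, dest_ip, dest_port, note).
    """
    flows = []
    for direction, line in control_lines:
        if direction == "C" and line.upper().startswith("PORT "):
            mode, initiator, announced_by = "active", server_ip, client_ip
        elif direction == "S" and line.startswith("227"):
            mode, initiator, announced_by = "passive", client_ip, server_ip
        else:
            continue
        endpoint = parse_hostport(line)
        if endpoint is None:
            continue
        ip, port = endpoint
        # An announced address that differs from the sender's visible address
        # means NAT did not rewrite the payload; the data connection will fail.
        note = "ok" if ip == announced_by else "address mismatch (payload not rewritten by NAT)"
        flows.append((mode, initiator, ip, port, note))
    return flows

# Constructed sample session: the client sits behind NAT at 192.168.1.10.
SAMPLE = [
    ("C", "USER demo"),
    ("S", "331 Password required"),
    ("C", "PORT 192,168,1,10,195,80"),
    ("S", "200 PORT command successful"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (203,0,113,5,78,52)"),
]

if __name__ == "__main__":
    for flow in expected_data_flows(SAMPLE, "198.51.100.7", "203.0.113.5"):
        print(flow)
```

With SFTP none of this tracking is needed, since the whole session stays on the single port 22 connection.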