16.09.2008, 11:08
PeterDB
Re: Swisscom Port Blocking?

It is quite possible that the "features" of FTP are the issue here, active versus passive port allocation. The server-based verification of client, reverse IP lookups, etc.

Outbound, NAT and stateful firewall (SPI) will cause problems on "cheaper" firewalls as they may not track the port allocations correctly.

Inbound, it depends as port 21 is only used to initiate the connection, port 20 is used for data in passive and active will dynamically allocate a random port.

Anyway FTP is in clear text for all parts, username, password and contents.

I would suggest using an SFTP server (from PuTTY or OpenSSH) and then you only need one port opening (port 22) and everything is encrypted.

Links using HTTP will use port 80 and will not use FTP protocol, hence it is the same as a web page only quite a bit larger ... 8-)

I'd steer clear of FTP unless you are happy to work out the issues which are many and random. It's an old and quirky protocol, it was designed long before firewalls were ever thought of ...
Agree. FTP is an old protocol and has not evolved much since its inception, but it has not really needed to, since it serves its purpose quite well and efficiently also. Okay, often there are minor issues to be worked out to get your firewall set up and your modem/router's NAT configured correctly. Even issues with dynamic IP (solved using a DynDNS service). But you will have similar issues using other services also. Take the latest generation of file sharing protocol, WebDAV: far more complex to set up, yet you don't get that much extra when you are just looking for simple file sharing/transfer features.

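The thread turns on firewalls and NAT devices having to track FTP's data-port allocations. The following is an added example, not part of either post: it reads the control channel the way a firewall's FTP helper has to, decoding the RFC 959 host-port argument and flagging an advertised address that NAT would need to rewrite. The function names, the sample session and the addresses are constructed for illustration.

```python
import re

# RFC 959 encodes a data endpoint as h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply, or None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expected_data_flows(control_lines, client_ip, server_ip):
    """Walk control-channel lines and list the data connections to allow.

    control_lines: (sender, line) tuples, sender is "C" or "S".
    client_ip / server_ip: addresses as seen at the firewall.
    nat_mismatch is True when the advertised address differs from the
    address that peer is seen under, i.e. the payload needs NAT rewriting.
    """
    flows = []
    for sender, line in control_lines:
        if sender == "C" and line.upper().startswith("PORT "):
            ep = parse_hostport(line[5:])
            if ep:  # active mode: server connects back to the client
                flows.append({"mode": "active", "src": server_ip, "dst": ep[0],
                              "dport": ep[1], "nat_mismatch": ep[0] != client_ip})
        elif sender == "S" and line.startswith("227"):
            ep = parse_hostport(line[3:])
            if ep:  # passive mode: client connects out to the server
                flows.append({"mode": "passive", "src": client_ip, "dst": ep[0],
                              "dport": ep[1], "nat_mismatch": ep[0] != server_ip})
    return flows

# Constructed session: client 192.168.1.10 is behind NAT, seen as 203.0.113.5.
SAMPLE = [
    ("C", "PORT 192,168,1,10,195,80"),
    ("S", "200 PORT command successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,7,234,96)."),
]

if __name__ == "__main__":
    for flow in expected_data_flows(SAMPLE, "203.0.113.5", "198.51.100.7"):
        print(flow)
```

Because SFTP carries everything over the single encrypted connection on port 22, there is no second endpoint for a firewall to parse out of the payload.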