The FTP protocol has strange peculiarities that make working behind a firewall somewhat difficult, if not quite impossible. This document explains the problem and gives solutions for both a client and a server behind a gateway doing NAT. AFAIK, it's the first time a solution has been proposed for the server. Details of this solution are given for OpenBSD.

The FTP protocol uses two channels between client and server. The first one is established the usual way (the client opens a connection to port 21 of the server); it is used only for commands and is permanent. The second is established each time a data transfer has to occur (directory listings as well as file transfers). Which side establishes this connection is a matter of choice: in passive mode it's up to the client, in active mode it's up to the server. This connection is difficult to manage: the IP address may be wrong and the port number isn't fixed. To simplify the explanations, we'll speak of "the active side" for the one that has to establish the data connection, and of "the passive side" for the other.
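The address and port problem described above can be seen directly in the control-channel messages. The following is an added example, not part of the original article: it parses the `h1,h2,h3,h4,p1,p2` field that the passive side announces (in a `PORT` command or a `227` reply, per RFC 959) and compares it with the address the control connection is actually seen from. The function names and all sample addresses are assumptions made for the illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2: the address/port field of PORT and of the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_data_endpoint(line):
    """Return (ip, port) announced in a PORT command or a 227 (passive mode) reply."""
    verb, _, rest = line.strip().partition(" ")
    if verb.upper() not in ("PORT", "227"):
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    m = _HOSTPORT.search(rest)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field byte out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1*256 + p2, chosen anew per transfer

def check_announcement(line, control_peer):
    """Compare the announced data address with the address the control
    connection arrives from (control_peer), as seen by the receiving side."""
    ip, port = parse_data_endpoint(line)
    return {
        "announced": "%s:%d" % (ip, port),
        "rfc1918": any(ip in net for net in RFC1918),           # not routable from outside
        "mismatch": ip != ipaddress.IPv4Address(control_peer),  # NAT rewrote the source
    }

# Constructed samples (addresses are made up for this example).
SAMPLES = [
    # Active mode: a client behind NAT announces its internal address.
    ("PORT 192,168,1,10,195,80", "203.0.113.7"),
    # Passive mode: a server with its own public address, no NAT in between.
    ("227 Entering Passive Mode (198,51,100,20,19,137).", "198.51.100.20"),
]

if __name__ == "__main__":
    for line, peer in SAMPLES:
        print(line, "->", check_announcement(line, peer))
```

In the first sample the active side would try to connect to an address it cannot reach; in the second the announced address matches the control connection and the data connection can be opened.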

The link for this article located at daemonnews is no longer available.