>> As BBBS can't configure a port range for that, I must set all   
   >> unused ports for forwarding the passive responses from BBBS' ftp   
   >> to router/fw and back.   
      
   > this depends on your firewall... the linux firewalls i'm familiar    
   > with use conntrack to keep up with the connections... there's a    
   > specific module for conntrack to use for ftp connections and it does    
   > easily manage passive connections quite well... i've not had any    
   > problems with my ftp server and have never even though to use its    
   > config for specific ports... it just works ;)   
      
    JK> Depends on what you use, Mark.. Over here I am using a firewall,   
    JK> I'd just forgotten to include the equivalent ports for BBBS's ftp   
    JK> as I did for regular ftp:   
      
   i knew you were using a firewall but i thought it might be one of those built   
   into the modems instead of a seperate one...   
      
    JK> /etc/services   
    JK> [...]   
    JK> ftp-data        20/tcp   
    JK> ftp             21/tcp   
    JK> [...]   
    JK> bftp-data       60720/tcp                       #BBBS Bftp-data   
    JK> bftp            60721/tcp                       #BBBS Bftp   
      
   i wonder how that works... how do the remote FTP clients know to use 60720 for   
   the control channel instead of 20?   
      
    JK> BBBS runs it's own daemons for ftp, http and more. I initially had   
    JK> to include all the BBBS 'ports' to open them up for everyone...   
    JK> which makes sense.    
      
   yes, it does in a way :)   
      
   >> You can do it. I'm sure. ;-)   
      
   > janis, maybe it is time to look at your firewall or put that modem   
   > in bridge mode and set up a firewall similar to the one i run ;)   
      
    JK> Nah.. I don't think you understand my setup here .  Everything   
    JK> works just fine ... The firewall I'm using is just like conntrack.    
    JK> The only reason I added the 60720 above is because I suspected that   
    JK> it might have been the reason why ftp requests at filegate.net   
    JK> 60721 were failing earlier..   
      
   i'm sure you'll find out if it works soon enough ;)   
      
    JK> Btw, I sure _don't_ want to put my DSL modem in bridge mode.. I   
    JK> don't think that would be a nice thing to do to Ron Lol.. We have 5   
    JK> ip addresses here.    
      
   not a problem with real firewalls that can handle multiple IPs from the same   
   ISP... the one i run has a special add-on mod for that capability and it gives   
   a lot more functionality as well :)   
      
    JK> I will check out conntrack though I don't think I'll need it. we'll   
    JK> see :)    
      
   conntrack is a part of iptables IIRC...   
      
   )\/(ark   
      
    * Origin:  (1:3634/12)