There has been some remarkably misguided advice in this thread. Passive ftp is generally more likely to work through any firewall than active ftp - it is generally the better method - including with Pix firewalls.
"fixup protocol ftp" has nothing to do with passive ftp. It only causes the Pix to look for "port" commands, which are only used in active ftp. It is needed so that the Pix can temporarily open the inbound port for the data connection. But passive ftp doesn't use an inbound port and requires no special rule in the Pix to work. Nor would there be a problem with address or port translation - as there is no address or port specified in the ftp "pasv" command. (There is an address and port specified in the ftp server's response to a pasv command, but these don't get translated (nor do they need to be). Nor would there be a problem with the server using a different address for the data connection, as long as it specifies it in the response to the pasv command. The most likely reason the passive ftp through the Pix is failing is a bug in the Pix code: CSCdp09306, fixed in 5.0(2.212) and 5.1(1.208). Tony Rall _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
