ftp and firewall problems

Discussion in 'Mac OS X 10.3 (Panther) Discussion' started by madru, Nov 24, 2003.

  1. madru macrumors member

    Jun 11, 2003
    I noticed that when I start an ftp session to a remote machine (both machines running 10.3), I can log in, but I can't do much else. For example, entering 'ls' results in the following message,

    229 Entering Extended Passive Mode (|||49364|)

    Then, the machine just sits there. However, if you disable the firewall, everything works fine. This tells me that the firewall is filtering the traffic on those extended ports (1024-65535), even if I tick the 'FTP Access' entry in Sys pref -> sharing -> firewall and 'Use Passive FTP Mode' in Sys pref -> Networking -> proxies.

    What am I missing? Has anyone else experienced this problem? ~ Thanks.
  2. tomf87 macrumors 65816


    Sep 10, 2003
    A little bit about passive and active modes in FTP:

    Active mode is where the data connection (ls, get, put, etc.) is generated from the FTP server to the client.

    Passive mode is where the data connection is generated from the client to the server.

    Now, from my understanding, the firewall built into Mac OS X is not stateful, meaning that it doesn't really realize an FTP session is happening.

    So the firewall on the client machine tries to create a new data connection to the FTP server, and the firewall on the FTP server drops the packet, since it doesn't realize the new connection is legitimate and related to the other FTP connection.

    I assume you just disabled the firewall on the FTP server?
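
An added illustration, not part of either post and not Mac OS X firewall code: it parses the 229 reply quoted in the thread and compares a port-list-only filter on the server with one that watches the control channel and opens a single-use pinhole for the announced data port. The class names, the `simulate` helper and the client address are assumptions made for the example.

```python
import re

# RFC 2428 EPSV reply: 229 text (<d><d><d>port<d>); the delimiter is normally '|'
EPSV_RE = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")

def parse_epsv(reply):
    """Return the data port announced in a 229 reply, or None."""
    m = EPSV_RE.match(reply.strip())
    if not m:
        return None
    port = int(m.group(2))
    return port if 0 < port < 65536 else None

class StatelessFilter:
    """Assumed model: inbound TCP is allowed only to a fixed port list."""
    def __init__(self, allowed_ports):
        self.allowed = set(allowed_ports)
    def inbound_allowed(self, client_ip, dst_port):
        return dst_port in self.allowed

class FtpAwareFilter(StatelessFilter):
    """Also reads control-channel replies and expects the data connection."""
    def __init__(self, allowed_ports):
        super().__init__(allowed_ports)
        self.pinholes = set()  # (client_ip, port) pairs expected next
    def observe_control_reply(self, client_ip, reply):
        port = parse_epsv(reply)
        if port is not None:
            self.pinholes.add((client_ip, port))
    def inbound_allowed(self, client_ip, dst_port):
        if (client_ip, dst_port) in self.pinholes:
            self.pinholes.discard((client_ip, dst_port))  # single use
            return True
        return super().inbound_allowed(client_ip, dst_port)

def simulate(fw, client_ip, reply):
    """Control connection to 21, then the data connection the client opens."""
    control_ok = fw.inbound_allowed(client_ip, 21)
    if hasattr(fw, "observe_control_reply"):
        fw.observe_control_reply(client_ip, reply)
    data_ok = fw.inbound_allowed(client_ip, parse_epsv(reply))
    return control_ok, data_ok

REPLY = "229 Entering Extended Passive Mode (|||49364|)"  # reply from the thread
CLIENT = "192.0.2.10"  # constructed documentation address

if __name__ == "__main__":
    print("stateless:", simulate(StatelessFilter({21}), CLIENT, REPLY))
    print("ftp-aware:", simulate(FtpAwareFilter({21}), CLIENT, REPLY))
```

With the port-list-only filter the login on port 21 succeeds and the data connection to 49364 is refused, which matches the hang after 'ls'.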
