On 2.3.2011 03:00, John R Pierce wrote:
> On 03/01/11 5:55 PM, Markus Falb wrote:
>> On 2.3.2011 02:15, Nico Kadel-Garcia wrote:
>>
>>> I know FTP can be a nightmare: I thought FTPS had pretty much
>>> addressed the separate data and control channel issues, or am I
>>> profoundly mistaken?
>> Running ftp over ssl is not changing the ftp protocol. SSL or not, there
>> are the same "open up a bunch of passive ports for data channel" insanities.
>
> and, worse, since the control channel is encrypted, this can't be done
> via a port monitor that sniffs and modifies 'port' commands, so this
> causes problems at BOTH ends of a NAT

Could it be that the iptables ftp conntrack and nat modules do not work
with ftps because of this?

--
Best Regards, Markus Falb
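
Added example, not part of the original thread and not the kernel modules' code: a simplified Python model of the "port monitor" described above, which reads the data endpoint out of a plaintext PORT command or 227 reply and rewrites it for NAT, run against a constructed TLS record to show that it finds nothing to track once the control channel is encrypted. The function names, addresses and sample segments are assumptions made for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT commands and 227 replies (RFC 959)
_HOSTPORT = re.compile(
    rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def find_data_endpoint(segment: bytes):
    """Return (ip, port) announced in a control-channel segment, else None."""
    line = segment.strip()
    if not (line.upper().startswith(b"PORT ") or line.startswith(b"227 ")):
        return None  # not a command/reply that announces a data endpoint
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet, refuse to track it
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def nat_rewrite(segment: bytes, public_ip: str):
    """Swap the announced address for the NAT's public one; None if untouched."""
    endpoint = find_data_endpoint(segment)
    if endpoint is None:
        return None
    _, port = endpoint
    new = "%s,%d,%d" % (public_ip.replace(".", ","), port >> 8, port & 0xFF)
    return _HOSTPORT.sub(new.encode(), segment, count=1)

# Constructed sample segments as a firewall would see them on the wire.
PLAIN_227 = b"227 Entering Passive Mode (192,168,1,10,195,80)\r\n"
PLAIN_PORT = b"PORT 10,0,0,5,4,1\r\n"
# After the control channel switches to TLS, the same reply travels inside an
# application-data record: 5-byte header, then ciphertext (stand-in bytes here).
FTPS_SEGMENT = bytes.fromhex("1703030020") + bytes(range(0x80, 0xA0))

if __name__ == "__main__":
    for name, seg in (("plain 227", PLAIN_227), ("plain PORT", PLAIN_PORT),
                      ("FTPS record", FTPS_SEGMENT)):
        print(name, "->", find_data_endpoint(seg),
              "| rewritten:", nat_rewrite(seg, "203.0.113.7"))
```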