For internal use (as mirror) we had to set up an internal
ftp-server. Because on the brdm-server (3.6) ftp had to be
opened for automatic update-purposes, question came up on
how secure this situation might be.

Brdm-server has following exception for internal hosts
updating themselve from i.e.:

Packet Type: ftp-port-pasv-st

Source: INTERN
All Circuits
Any Address

Destination: EXTERN
All Circuits
Any Address

Comment: Craig: Allow outbound FTP, p152, 17.07.03

The interal ftp-server (nwftpd.nlm - runs NOT on the
brdm-server) is located on a server, which also updates
itself as host from

Are there any concerns about this setup - might the
ftp-server be accessible from the outside?