need help with anon FTP access via a web browser
- To: misc_(_at_)_openbsd_(_dot_)_org
- Subject: need help with anon FTP access via a web browser
- From: "Mark R. Besonen" <mbesonen_(_at_)_registrar_(_dot_)_umass_(_dot_)_edu>
- Date: Wed, 28 Aug 2002 16:13:02 -0400
- Cc: mbesonen_(_at_)_registrar_(_dot_)_umass_(_dot_)_edu
Greetings to all,
As you all know, most web browsers like IE and Netscape have built in basic
FTP functionality using URLs like ftp://ftp.mydomain.com. In fact, the
same browsers *also* let you upload files provided access permissions are
appropriate--you simply drag-and-drop files onto the browser window. I am
hoping to use this functionality for inexperienced users so they can easily
upload files to an anonymous FTP server.
Yes, I recognize the potential danger of anonymous FTP write access, but I
have set directory permissions appropriately, and totally ratcheted down
the FTP account quota to help prevent abuse. Also, before you say "have
the end user get a real FTP client instead of their web browser", note that
I am talking about really inexperienced folks who think Fetch for the Mac
is an Internet protocol (for those who don't know, Fetch is a Mac FTP
client). I don't want to waste my time giving them a tutorial on how to
download and install a real FTP client--I'd just like a simple solution
involving tools which are almost certainly available; hence, the web browser.
So I have set up anonymous FTP access on an OBSD v3.1 based server, and it
works totally fine when accessed via an active mode FTP client (e.g. a
command line one, or WS_FTP in active mode, etc.). But when I try to
access it using a web browser with a URL like ftp://ftp.mydomain.com, the
browser just times out, and eventually gives me a "page cannot be
displayed" or similar error. I am pretty certain this has to do with the
fact that the web browser attempts to use passive mode FTP.
I have already read the man pages, scoured the FAQ, and done a bunch of
other web/Usenet searching for an easy solution to this, but there doesn't
seem to be one. Could anybody help out with a suggestion on how to fix
this? Note that the solution should be based entirely on the server side,
and not put any more responsibility on the end-user.
More specs on the server system are listed below for those who are
interested, and would like to help. Thanks in advance to all for your help.
Mark
system specs:
-----------------------
1.) running OBSD v3.1-stable, but fully patched
2.) the stock FTPD daemon is started at boot via the rc system (e.g.
/usr/libexec/ftpd -DllUSA)
3.) pf is running on the server with following config:
# $OpenBSD: pf.conf,v 1.3 2001/11/16 22:53:24 dhartmei Exp $
#
# See pf.conf(5) for syntax and examples
# pass all packets in and out (these are the implicit first two rules)
# pass in all
# pass out all
# Define useful variables
ExtIF="xl0" # External Interface
IntNet="192.168.0.0/24" # Our internal network
NoRouteIPs="{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
Services="{ www, ssh, ftp }"
# Clean up fragmented and abnormal packets
scrub in all
# don't allow anyone to spoof non-routeable addresses
block in quick on $ExtIF from $NoRouteIPs to any
block out quick on $ExtIF from any to $NoRouteIPs
# by default, block all incoming packets, except those explicitly
# allowed by further rules
block in on $ExtIF all
# allow others to use http and ssh and ftp
pass in on $ExtIF inet proto tcp from any to any port $Services flags S/SA keep state
# and let out-going traffic out and maintain state on established connections
# pass out all protocols, including TCP, UDP and ICMP, and create state,
# so that external DNS servers can reply to our own DNS requests (UDP).
block out on $ExtIF all
pass out on $ExtIF inet proto tcp all flags S/SA keep state
pass out on $ExtIF inet proto udp all keep state
pass out on $ExtIF inet proto icmp all keep state
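The ruleset above passes inbound TCP on $ExtIF only to the ports in $Services (www, ssh, ftp). A passive-mode client sends PASV on the control connection, the server answers with a 227 reply naming a high data port, and the client then opens a second connection to that port; under this policy that second SYN hits "block in on $ExtIF all". The following Python is an added illustration of that exchange, not code from the poster or from OpenBSD: it parses a constructed 227 reply the way an FTP client does, models the inbound policy as a plain port check (pf's state, flags and quick semantics are deliberately left out), and emits the shape of a pf rule that would admit a confined passive range. The range 49152-65535 and the interface name are assumptions for the example; on OpenBSD the server-side high port range is governed by the net.inet.ip.porthifirst and net.inet.ip.porthilast sysctls, and the rule only helps if the stock ftpd actually draws its PASV ports from that range, which should be confirmed on the host before relying on it.

```python
import re

# Constructed 227 reply of the kind a browser's FTP client receives after
# sending PASV (RFC 959, section 4.1.2).  Not captured from the poster's server.
SAMPLE_PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)\r\n"

_PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(line):
    """Return (host, port) advertised by a 227 reply, or raise ValueError.

    The last two fields encode the data port as high*256 + low.
    """
    m = _PASV_RE.match(line)
    if not m:
        raise ValueError("not a 227 Entering Passive Mode reply: %r" % line)
    fields = [int(x) for x in m.groups()]
    for n in fields:
        if not 0 <= n <= 255:
            raise ValueError("field out of range in PASV reply: %d" % n)
    host = ".".join(str(n) for n in fields[:4])
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("PASV reply advertises port 0")
    return host, port


# Simplified stand-in for the poster's inbound policy on $ExtIF: everything is
# blocked except TCP to the ports named in $Services.  This is a model of which
# destination ports get in, not an implementation of pf.
SERVICES = {"www": 80, "ssh": 22, "ftp": 21}


def inbound_allowed(port, extra_ranges=()):
    """True if a SYN to `port` would be passed by $Services or an extra range."""
    if port in SERVICES.values():
        return True
    return any(lo <= port <= hi for lo, hi in extra_ranges)


def data_connection_allowed(pasv_reply, extra_ranges=()):
    """Would the client's passive data connection get through the policy?"""
    _, port = parse_pasv_reply(pasv_reply)
    return inbound_allowed(port, extra_ranges)


def pasv_pass_rule(ext_if, lo, hi):
    """pf.conf line admitting a passive data port range on ext_if.

    Hypothetical range: it only matches ftpd's behaviour if the server's
    passive ports are actually confined to lo..hi.
    """
    return ("pass in on %s inet proto tcp from any to any port %d:%d "
            "flags S/SA keep state" % (ext_if, lo, hi))


if __name__ == "__main__":
    host, port = parse_pasv_reply(SAMPLE_PASV_REPLY)
    print("server advertised data port %d on %s" % (port, host))
    print("passed by $Services only:", data_connection_allowed(SAMPLE_PASV_REPLY))
    rng = (49152, 65535)  # assumed passive range for the example
    print("passed with extra range  :", data_connection_allowed(SAMPLE_PASV_REPLY, [rng]))
    print(pasv_pass_rule("xl0", *rng))
```

The sample reply decodes to port 50000 (195*256 + 80), which no $Services entry covers, so the model reports the data connection as blocked; adding the assumed passive range flips it to allowed. The point for a server-side fix is that the range passed in pf and the range ftpd hands out in 227 replies must be the same one, otherwise browsers will still time out on the data connection exactly as described.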