| Technical note: | 10016 |
| Created: | 05/11/95 by Trip |
| Updated: | 02/28/96 by Brian |
| Product: | Netscape Navigator |

If you can't open connections from Netscape Navigator through a firewall
to ftp servers outside your site, then try configuring the firewall to
allow outgoing connections on high-numbered ports.

Usually, ftp'ing involves opening a connection to an ftp server and then
accepting a connection from the ftp server back to your computer on a
randomly-chosen high-numbered telnet port; the connection from your
computer is called the "control" connection, and the one from the ftp
server is known as the "data" connection. All commands you send and the
ftp server's responses to those commands will go over the control
connection, but any data sent back (such as "ls" directory lists or
actual file data in either direction) will go over the data connection.

However, this approach usually doesn't work through a firewall, which
typically doesn't let any connections come in at all. In this case you
might see your ftp connection appear to work, but then as soon as you do
an "ls" or a "dir" or a "get", the connection will appear to hang.

Netscape Navigator uses a different method, known as "PASV" ("passive
ftp"), to retrieve files from an ftp site. This means it opens a
control connection to the ftp server, tells the ftp server to expect a
second connection, then opens the data connection to the ftp server
itself on a randomly-chosen high-numbered port. This works with most
firewalls, unless your firewall restricts outgoing connections on
high-numbered ports too, in which case you're out of luck (and you
should tell your sysadmins about this).

"Passive FTP" is described as part of the ftp protocol specification in
RFC 959 ("http://www.cis.ohio-state.edu/htbin/rfc/rfc959.html").
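
The difference between the two modes, as an added example that is not part of the original technical note: this Python sketch parses the RFC 959 `h1,h2,h3,h4,p1,p2` endpoint from a `PORT` command or a `227` PASV reply and reports which side opens the data connection and whether a simplified firewall policy lets it through. The `Firewall` class, its two flags, and the sample addresses and ports are constructed assumptions.

```python
import re
from dataclasses import dataclass

# RFC 959 encodes a data endpoint as h1,h2,h3,h4,p1,p2 (port = p1*256 + p2).
_ENDPOINT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(text):
    """Extract (host, port) from a PORT argument or a 227 PASV reply."""
    m = _ENDPOINT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 endpoint in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % text)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

@dataclass
class Firewall:
    """Hypothetical, simplified site policy (an assumption for this example)."""
    allow_inbound: bool              # may outside hosts connect in at all?
    allow_outbound_high_ports: bool  # may inside hosts connect out to ports >= 1024?

def data_connection(mode, line, fw):
    """Return (opener, host, port, allowed) for the FTP data connection."""
    host, port = parse_endpoint(line)
    if mode == "active":
        # Client sent PORT naming its own address; the server connects in.
        return "server", host, port, fw.allow_inbound
    if mode == "passive":
        # Server answered PASV with 227 naming its address; the client connects out.
        allowed = fw.allow_outbound_high_ports if port >= 1024 else True
        return "client", host, port, allowed
    raise ValueError("mode must be 'active' or 'passive'")

# Constructed sample lines (documentation addresses, made-up ports).
SAMPLE_PORT = "PORT 192,0,2,10,195,80"
SAMPLE_PASV = "227 Entering Passive Mode (198,51,100,7,234,96)"

if __name__ == "__main__":
    typical = Firewall(allow_inbound=False, allow_outbound_high_ports=True)
    strict = Firewall(allow_inbound=False, allow_outbound_high_ports=False)
    for name, fw in (("typical", typical), ("strict", strict)):
        for mode, line in (("active", SAMPLE_PORT), ("passive", SAMPLE_PASV)):
            opener, host, port, ok = data_connection(mode, line, fw)
            verdict = "allowed" if ok else "blocked (transfer hangs)"
            print(f"{name:8} {mode:8} {opener} opens {host}:{port} -> {verdict}")
```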

Copyright © 1996 Netscape Communications Corporation