Date:      Tue, 28 Aug 2001 22:42:22 -0500
From:      David Kelly <dkelly@grumpy.dyndns.org>
To:        Jamie Norwood <mistwolf@mushhaven.net>
Cc:        freebsd-stable@FreeBSD.ORG
Subject:   Re: FTP question 
Message-ID:  <200108290342.f7T3gMw72703@grumpy.dyndns.org>
In-Reply-To: Message from Jamie Norwood <mistwolf@mushhaven.net>  of "Tue, 28 Aug 2001 10:35:23 EDT." <20010828103523.A97777@mushhaven.net> 

Jamie Norwood writes:
> I have a machine that is behind a firewall. Port 21 is open for FTP,
> with the intent of using passive mode. However, nothing seems to work.
> I need to know what I need to do to let this work, since we are trying 
> not to open up full telnet.

Aw heck, my other reply got out too soon.

I presume you have some control over the firewall? But I don't
understand, "we are trying not to open up to full telnet." Incoming or
outgoing? Same question for ftp, which side of the firewall is the
client and which side is the server?

To understand where the link failure is occurring you need to compare 
the firewall log with the attempt. Then you'll know what rule is 
blocking.

In non-passive mode the ftp server is told (via the port 21 connection)
what port the client is listening on. Then the server connects from its
port 20 to the specified port for the transfer. A directory listing is a
file transfer.

In passive mode the server tells the client (via the port 21 connection)
which port the server has opened and is listening on to conduct the data
transfer. Then the client opens that link. For clients behind a 
firewall one either has to allow all outgoing connections, or have a 
firewall smart enough to monitor the port 21 communications and open 
specifically for those transactions. /sbin/natd with the punch_fw 
option works for most ftp clients for me in non-passive mode.

-- 
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
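
The two data-connection setups described in the message above, as an added example that is not part of the original e-mail: it reads a port 21 control-channel transcript and lists the data connection each `PORT` command or `227` reply announces, which is what a firewall rule or a firewall that watches port 21 has to permit. The function names, the documentation addresses and the transcript are constructed for illustration; the `h1,h2,h3,h4,p1,p2` field format is the one defined in RFC 959.

```python
import re

# h1,h2,h3,h4,p1,p2 as used by the PORT command and the 227 reply (RFC 959)
HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if malformed."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_flows(control_lines, client_ip, server_ip):
    """List the data connections announced on the port 21 control connection.

    control_lines: (sender, line) pairs, sender "C" (client) or "S" (server).
    """
    flows = []
    for sender, line in control_lines:
        line = line.strip()
        if sender == "C" and line.upper().startswith("PORT "):
            # Non-passive: the server connects from its port 20 to the client.
            mode, src, src_port, expected = "active", server_ip, 20, client_ip
        elif sender == "S" and line.startswith("227"):
            # Passive: the client connects from any port to the server.
            mode, src, src_port, expected = "passive", client_ip, None, server_ip
        else:
            continue
        hostport = parse_hostport(line[4:])
        if hostport is None:
            continue  # malformed announcement: nothing to open
        dst, dst_port = hostport
        flows.append({"mode": mode, "src": src, "src_port": src_port,
                      "dst": dst, "dst_port": dst_port,
                      "addr_as_expected": dst == expected})
    return flows

# Constructed control-channel transcript (documentation addresses, not real hosts)
SAMPLE = [
    ("C", "PORT 192,0,2,10,19,137"),
    ("S", "200 PORT command successful."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,195,80)"),
    ("C", "PORT 10,0,0,7,4,1"),  # private address announced from behind NAT
]
```

Comparing each listed flow (source, destination, destination port) with the firewall log shows which rule drops the data connection; `addr_as_expected` is false when the announced address differs from the address the firewall sees for that host.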


