Date: Thu, 29 Aug 2002 09:53:08 -0500
From: David Kelly
To: Daniel Bye
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: Passive FTP not working on FreeBSD 4.6.2 (Ports)
Message-ID: <20020829145308.GB91125@grumpy.dyndns.org>

On Thu, Aug 29, 2002 at 02:51:30PM +0100, Daniel Bye wrote:
>
> You need to set ${FTP_PASSIVE_MODE} in your shell's environment. Set it
> to anything other than "NO". You can either do this from your shell
> dotfiles, or you can modify the setenv directive in /etc/login.conf, so
> the change is available to all users who log in.

The default is PASSIVE in /etc/login.conf. The inverse of PASSIVE is not
ACTIVE but NONPASSIVE.

Passive mode was a hack added to ftp in order to get thru unintelligent
(passive) firewalls and make things easy for NAT. For normal non-passive
ftp the firewall has to open a path from the ftp server to the internal
client. And for NAT it also has to map to the internal IP address.
FreeBSD's natd with the punch_fw option does this.

If passive doesn't work then try non-passive.

My firewall is ipfw with natd, natd has the punch_fw option enabled to
permit ftp. I don't allow any and all outgoing connections, so passive
ftp does not work here. Non-passive does. I don't know why, once ftp was
working the issue of passive ftp became unimportant.

I haven't figured out how to non-passive ftp with IE 5. IIRC found a
switch in IE 6 to control it. On the Macintosh IE is smarter and is able
to get thru with non-passive altho the status said for about 30 seconds
"opening passive connection" before things suddenly start working. My
IPFW log clearly shows it is a non-passive connection.

But back to your problem. I suspect a block of internal ports is open to
outside port 20, and FreeBSD is not using a port in that range but NcFTP
is, as do your Windows machines.

--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
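
The two data-channel setups discussed in the message above, as an added example that is not part of the original post: a Python sketch that reads FTP control-channel lines (the RFC 959 PORT command and 227 reply) and reports which side opens the data connection and to which endpoint, which is what a firewall or NAT helper has to permit or rewrite. The function name, field names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 host-port argument: h1,h2,h3,h4,p1,p2 (six decimal octets).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def data_channel(line):
    """Describe the data connection one control-channel line sets up.

    Returns None for lines that do not negotiate a data channel.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):
        mode = "non-passive"      # client names its own listening endpoint
    elif line.startswith("227"):
        mode = "passive"          # server names its listening endpoint
    else:
        return None
    m = HOSTPORT.search(line)
    nums = [int(x) for x in m.groups()] if m else []
    if not nums or max(nums) > 255:
        raise ValueError("malformed host-port argument: %r" % line)
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return {
        "mode": mode,
        # Non-passive: the server connects in, by default from port 20.
        # Passive: the client connects out from an arbitrary port.
        "initiator": "server" if mode == "non-passive" else "client",
        "src_port": 20 if mode == "non-passive" else None,
        "dst": str(addr),
        "dst_port": nums[4] * 256 + nums[5],
        # A private address cannot be reached from the far side of a NAT
        # as written; the NAT has to rewrite it and map the port back.
        "dst_is_rfc1918": any(addr in net for net in RFC1918),
    }


# Constructed control-channel lines (not taken from the thread).
SAMPLE = [
    "USER anonymous",
    "PORT 192,168,1,10,195,80",
    "227 Entering Passive Mode (203,0,113,5,19,137)",
]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", data_channel(entry))
```

A ruleset that blocks arbitrary outgoing connections fails the "passive" case, and one that blocks inbound connections from port 20 fails the "non-passive" case, unless a helper reads these lines and opens the matching path.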