Charles D Hammonds wrote:
> 
> did you also allow port 22 (ftp data) on your PIX???

FTP data uses port 20. That was probably a typo.

However, with passive FTP, that port number doesn't get used. Passive FTP
tells the server to wait for a connection request from the client. The
server replies with the port number the client should send the request to.

Then the client opens a connection from a not-well-known ephemeral
(short-lived) port number to the port number provided by the server.

Needless to say, this wreaks havoc with firewalls. There are no well-known
port numbers in the passive data conversation.

Sorry, I don't know exactly how to get this to work with PIX. I'm sure there
is a way though? You could also try active FTP instead?? But then the server
opens the data connection, which can cause problems also.

I have written up FTP many times in the past for Group Study. You may want
to check the archives. It will be in my new book too! If I have time, I
would like to write a white paper on it too to add to my troubleshooting
site here. Stay tuned:

http://www.troubleshootingnetworks.com/

Priscilla

> 
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Simer Mayo
> Sent: Monday, July 08, 2002 4:18 PM
> To: [EMAIL PROTECTED]
> Subject: Passive FTP [7:48357]
> 
> 
> The users are on the inside interface behind the PIX firewall and are
> trying to make a pftp connection to the outside world. They are being
> authenticated from the outside server but then the section hangs trying
> to do a list command. The fixup protocol port 21 is enabled on PIX and
> there is no explicit outbound restriction from the inside interface. The
> outside server is using port range 40000-40020 for passive FTP. I tried
> enabling this range on the fixup protocol too but it didn't work.
> 
> Please advise
> 
> Thanks much
> 
> SM
> 
> 




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48365&t=48357
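
An added example, not part of the original post: a minimal Python sketch of what FTP-aware inspection on a firewall has to do for the passive data connection described above. It parses the server's 227 reply on the control channel and permits exactly one client connection to the advertised port. The function and class names, the addresses and the sample reply are constructed for illustration and do not represent PIX internals.

```python
import re

# 227 reply carries h1,h2,h3,h4,p1,p2: the server's IP and the data port as two bytes.
PASV_RE = re.compile(
    r"^227[ -].*?\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_pasv_reply(line):
    """Return (server_ip, data_port) from a 227 control-channel reply, else None."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpInspector:
    """Toy model of FTP-aware inspection for one outbound control connection."""

    def __init__(self, client_ip, server_ip):
        self.client_ip, self.server_ip = client_ip, server_ip
        self.pinholes = set()  # (client_ip, server_ip, server_port)

    def on_server_reply(self, line):
        parsed = parse_pasv_reply(line)
        if parsed is None:
            return False
        ip, port = parsed
        # Design choice of this sketch (an assumption): ignore replies that name
        # another host or a privileged port, so a reply cannot open an arbitrary path.
        if ip != self.server_ip or port < 1024:
            return False
        self.pinholes.add((self.client_ip, ip, port))
        return True

    def allow_data_syn(self, src_ip, dst_ip, dst_port):
        """Permit one client-initiated data connection per learned pinhole."""
        key = (src_ip, dst_ip, dst_port)
        if key in self.pinholes:
            self.pinholes.discard(key)
            return True
        return False

# Constructed sample: 156*256 + 74 = 40010, inside the 40000-40020 range from the post.
SAMPLE_REPLY = "227 Entering Passive Mode (198,51,100,5,156,74)"

if __name__ == "__main__":
    fw = FtpInspector("192.0.2.10", "198.51.100.5")
    fw.on_server_reply(SAMPLE_REPLY)
    print(fw.allow_data_syn("192.0.2.10", "198.51.100.5", 40010))
```

Without the reply being parsed, a filter that only knows port 21 has no way to predict the destination port of the data connection, which is why the listing hangs while the login succeeds.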