Len Cumbow <[EMAIL PROTECTED]> writes:

>Use passive mode [n]: BTW, what is passive mode?

FTP by default is in non-passive mode. When a data connection is set up between the client and server, the client sends a request to the server to connect to a specific port for the data transfer. In other words, the ftp client sends a PORT command to the server, instructing the server to open a data connection to a specific IP and port that is listening for the data connection. The server makes that connection and then the transfer begins.

Passive mode is a little different. The PASV tells the server to set up a port to start listening for a data transfer on, to which the server returns the IP and port of that [the response from the server is much like what the client sends in the PORT command in non-passive mode]. The client then opens the data connection to the server port specified.

The cool thing with passive mode is that you can connect to two different servers: enter passive mode on the first, which gives you the IP & port number where the server is listening for the data; send that IP and port number to the second server via the PORT command, instructing that second server to make a data connection to the first server. The client can then initiate data transfers between the two servers.

The drawback to passive mode is firewalls. Since you don't know what port number the server's data connection is going to be listening on, you have no way of configuring that port number into your firewall. With non-PASV mode, the server's data connections will come from port 20, which you can configure to be allowed through your firewall. (We played a little joke on one of our QA guys when we set it up to reject packets from port 20... you could open an FTP connection, but you just couldn't transfer any data! :)

Anyway... The firewall problem is the reason your Proxy Server needs non-PASV mode. It needs to know what port the data connection is coming from beforehand, so that it can proxy it correctly, and a dynamic server data port won't work.

If you want more details, give RFC 959 a read.

ftp://venera.isi.edu/in-notes/rfc959.txt

-Jeff

*****************************************************************************
| Jeff Schreiber    | There is freedom and there is responsibility.        |
| aka - "Spectre"   | You have obviously figured out the first             |
| [EMAIL PROTECTED] | but not the latter.                                  |
|                   | (Rob Schmunk - [EMAIL PROTECTED])                    |
*****************************************************************************
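
As an added illustration (not part of the original message), this sketch decodes the host-port field that RFC 959 uses in both the PORT command and the 227 reply to PASV, the way a firewall or proxy watching the control channel could learn the data port and notice an endpoint that belongs to neither session peer. The function names, the finding labels and the sample session with documentation addresses are assumptions constructed for the example.

```python
import re

# RFC 959 encodes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply, else None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # Port is the 16-bit value p1*256 + p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def audit_control_channel(lines, client_ip, server_ip):
    """Report each data endpoint negotiated in (direction, line) pairs."""
    # direction: "C" = client to server, "S" = server to client
    findings = []
    for direction, line in lines:
        if direction == "C" and line.upper().startswith("PORT "):
            mode, expected = "active", client_ip    # server will connect out
        elif direction == "S" and line.startswith("227"):
            mode, expected = "passive", server_ip   # client will connect in
        else:
            continue
        endpoint = parse_hostport(line)
        if endpoint is None:
            findings.append((mode, None, None, "malformed host-port"))
            continue
        ip, port = endpoint
        note = "ok" if ip == expected else "third-party address"
        findings.append((mode, ip, port, note))
    return findings


# Constructed sample session (documentation addresses, not captured traffic).
SAMPLE = [
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (192,0,2,10,195,80)"),
    ("C", "PORT 198,51,100,7,4,1"),
    ("C", "PORT 203,0,113,5,19,137"),
]

if __name__ == "__main__":
    for finding in audit_control_channel(SAMPLE, "198.51.100.7", "192.0.2.10"):
        print(finding)
```

The last PORT line names an address that is neither the client nor the server, which is the server-to-server arrangement the message describes; a proxy that only opens data ports for endpoints it has seen negotiated can log or refuse it.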