>>>>> "Robert" == Robert MacDonald <[EMAIL PROTECTED]> writes:

Robert> Their software ignores the port command and digs out the port#
Robert> the client requested from deeper within the packet (this is supposedly
Robert> how they know about the original port#.) GEIS said that this is the
Robert> 'newer' standard, but I have not been able to find RFC info on this.
Robert> Any help on this 'standard' is welcome.

This is impossible. The only data available is provided as an argument to
the PORT command.

Robert> It also seems that GEIS software is not responding from the port#
Robert> defined for the DATA(20) port. They seem to arbitrarily pick a high port
Robert> to respond with. GEIS is looking into this.?? If their software responded
Robert> back with the right source port to the right destination port, I'm positive
Robert> the firewall rules set for 'normal' FTP will prevail.

This is because only idiots run public FTP servers as root. If you don't run
as root, most UNIX boxen won't let you bind port 20. The RFC does _not_
require that data connections originate from port 20. It _recommends_ that
they originate from (control port - 1), which is 20 in the default case, but
it's only a SHOULD, not a MUST. If your firewall insists on port 20, it's
broken. Fix it.

-- 
Carson Gaspar -- [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
http://www.cs.columbia.edu/~carson/home.html
Queen Trapped in a Butch Body
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
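The two points of the thread (the client's data port exists only as the argument of the PORT command, and the server's data connection need not come from port 20) can be made concrete with a small stateful FTP helper of the kind a firewall uses for active-mode FTP. The following is an added example, not code from the list, from GEIS or from any firewall product; the addresses, the `strict_port20` switch and the function names are constructed for illustration.

```python
import re

# RFC 959 PORT syntax: h1,h2,h3,h4,p1,p2 with port = p1*256 + p2.
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$"
)


def parse_port_command(line):
    """Return (ip, port) from a PORT command, or None if it is malformed.

    The client's chosen data port appears nowhere else in the control
    stream; this argument is the only place a helper can learn it.
    """
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    if port < 1024:
        # Refuse requests to open privileged ports (classic bounce abuse).
        return None
    return ip, port


def expect_data_connection(control_src_ip, control_dst_ip, control_dst_port,
                           port_cmd, strict_port20=False):
    """Build the pending-connection record a stateful helper would keep
    after seeing PORT on a control session client->server:21.

    strict_port20=True models the broken rule the reply complains about:
    insisting that the server's data connection originate from
    (control port - 1), i.e. 20 by default.
    """
    parsed = parse_port_command(port_cmd)
    if parsed is None:
        return None
    client_ip, client_port = parsed
    if client_ip != control_src_ip:
        # Only accept data connections back to the host that owns the
        # control session; this blocks third-party (bounce) requests.
        return None
    return {
        "server_ip": control_dst_ip,
        "client_ip": client_ip,
        "client_port": client_port,
        "expected_src_port": control_dst_port - 1 if strict_port20 else None,
    }


def allow_data_connection(pending, src_ip, src_port, dst_ip, dst_port):
    """Decide whether an inbound server->client data connection matches
    the pending record. Source port is only checked in strict mode."""
    if pending is None:
        return False
    if (src_ip != pending["server_ip"] or dst_ip != pending["client_ip"]
            or dst_port != pending["client_port"]):
        return False
    if (pending["expected_src_port"] is not None
            and src_port != pending["expected_src_port"]):
        return False
    return True


if __name__ == "__main__":
    # Constructed sample: client 192.0.2.10 talks to server 198.51.100.5:21
    # and asks for its data connection on 192.0.2.10:2002 (7*256 + 210).
    cmd = "PORT 192,0,2,10,7,210"
    lenient = expect_data_connection("192.0.2.10", "198.51.100.5", 21, cmd)
    strict = expect_data_connection("192.0.2.10", "198.51.100.5", 21, cmd,
                                    strict_port20=True)
    for src_port in (20, 49152):
        print(f"server src port {src_port}: "
              f"lenient={allow_data_connection(lenient, '198.51.100.5', src_port, '192.0.2.10', 2002)} "
              f"strict={allow_data_connection(strict, '198.51.100.5', src_port, '192.0.2.10', 2002)}")
```

Run as a script, the lenient helper admits the data connection whether the server sends from 20 or from a high port, while the strict variant rejects the high-port case, which is exactly the mismatch the original poster observed. The helper keys on what the PORT argument actually says (destination address and port) plus the server address from the control session, which is the state a firewall can legitimately derive.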
