On Sun, 23 Jan 2005, Joseph A. Nagy, Jr. wrote:

> On Sun, Jan 23, 2005 at 09:49:44PM -0500, A. Khattri wrote the following:
> > On Sun, 23 Jan 2005, Joseph A. Nagy, Jr. wrote:
> >
> > > Also, whenever I put the port to 21, it goes offline, when I put it to 20 
> > > it
> > > comes back online. For some reason it refuses to use port 21. No matter. I
> > > set my router to forward external port 21 to internal port 20 and my ftp
> > > client will not connect. It says connection is refused to
> > > joseph-a-nagy-jr.us despite me telling it to connect to
> > > ftp.joseph-a-nagy-jr.us
> >
> > You need both port 20 and 21 for FTP.
>
> Ah.
>
> > Also, you dont say if you're using active or passive ports...
>
> Yeah, I have that enabled, why?

Some FTP protocol basics:

With active FTP, your FTP client tells the server what port it's going to use
to connect to the server. The server will make sure it's listening on that
port for an incoming connection. If your firewall is blocking that port,
though, the server will never see your incoming connection. And since that
port number could be anything between 1024 and 32767, unless you have a
smarter firewall with stateful packet filtering that understands FTP (most
home routers don't), it will fail.

With passive FTP, the server tells the client what port number to use for
the data connection, and the server will listen on that port for your incoming
connection. So you can tell proftpd to use, say, ports 7000 to 7100 for
passive ports, configure your router to allow those ports through
to your FTP server, and it will work.

With passive FTP you can set things up on your router since you know what
port numbers will be used. With active FTP your router won't know what port
number is part of the same FTP session.

Incidentally, I have web servers out there that run proftpd that are locally
firewalled with iptables. However, iptables has modules that do stateful
filtering and modules that understand FTP, so I don't need to open any ports
regardless of whether it's active or passive.


-- 

--
gentoo-user@gentoo.org mailing list
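To make the active/passive distinction in the reply above concrete, here is an added example in Python; it is not code from the original post, from proftpd, or from iptables. It decodes the h1,h2,h3,h4,p1,p2 tuple carried by the client's PORT command and by the server's 227 PASV reply, records which side ends up listening for each data connection, and checks whether a plain port-forward covering the PassivePorts range the message suggests (7000 to 7100) would admit it. The control-channel lines, the addresses and the range constant are constructed for this example. As a security check, a 227 reply that names a host other than the server the client opened the control connection to is flagged, since a client that blindly connects to it can be redirected to a third party.

```python
import re

# Constructed control-channel log for this example (not a real capture).
# One transfer is set up with PORT (active), one with PASV (passive).
# 192.168.1.10 is the client behind a home router; 203.0.113.5 is the server.
CONTROL_LOG = """\
C: PORT 192,168,1,10,4,1
S: 200 PORT command successful
C: RETR file.bin
S: 150 Opening BINARY mode data connection
C: PASV
S: 227 Entering Passive Mode (203,0,113,5,27,88)
C: RETR file.bin
S: 150 Opening BINARY mode data connection
"""

# Assumed passive port range, matching the 7000 to 7100 suggested in the message.
PASSIVE_RANGE = (7000, 7100)

HOST_PORT_RE = re.compile(
    r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_host_port(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple that both PORT and the 227 reply
    carry (RFC 959); the port is p1*256 + p2."""
    m = HOST_PORT_RE.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    fields = [int(x) for x in m.groups()]
    if max(fields) > 255:
        raise ValueError("field out of range in %r" % text)
    h1, h2, h3, h4, p1, p2 = fields
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def data_connections(log, control_peer):
    """Walk the control channel and record, for each data connection, which
    side listens and on what port.  control_peer is the server address the
    client opened the control connection to; a 227 reply naming a different
    host is flagged so the client can refuse it (PASV redirection)."""
    conns = []
    for line in log.splitlines():
        who, _, msg = line.partition(": ")
        if who == "C" and msg.upper().startswith("PORT "):
            host, port = decode_host_port(msg)
            conns.append({"mode": "active", "listener": "client",
                          "host": host, "port": port, "redirected": False})
        elif who == "S" and msg.startswith("227"):
            host, port = decode_host_port(msg)
            conns.append({"mode": "passive", "listener": "server",
                          "host": host, "port": port,
                          "redirected": host != control_peer})
    return conns


def static_rule_covers(conn, passive_range=PASSIVE_RANGE):
    """Can a plain port-forward/allow rule in front of the listening side admit
    this data connection?  Only when the port is predictable: a passive port
    from the configured range.  An active transfer listens on whatever port
    the client picked, so no fixed rule covers it; that case needs FTP-aware
    connection tracking instead."""
    lo, hi = passive_range
    if conn["mode"] == "passive":
        return lo <= conn["port"] <= hi
    return False


if __name__ == "__main__":
    for c in data_connections(CONTROL_LOG, control_peer="203.0.113.5"):
        print("%-7s listener=%-6s %s:%d redirected=%s static_rule_ok=%s"
              % (c["mode"], c["listener"], c["host"], c["port"],
                 c["redirected"], static_rule_covers(c)))
```

The iptables setup mentioned at the end of the reply is the alternative to a static port-forward: the kernel's FTP connection-tracking helper (ip_conntrack_ftp on kernels of that era, nf_conntrack_ftp on current ones) reads the PORT and 227 exchange on the control channel and marks the resulting data connection as RELATED, so a single `--state RELATED,ESTABLISHED` accept rule admits it in either mode without a fixed range.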
