Re: Passive Port Control

Richard Gasiorowski Tue, 23 Feb 2010 15:01:00 -0800

hey Mr Scully

IS it possible that /etc/services has been defined?


Richard (Gaz) Gasiorowski
SA&E Solution Architect
CSC
3170 Fairview Park Dr., Falls Church, VA 22042
845-889-8533|Work|845-392-7889 Cell|rgasi...@csc.com|www.csc.com




This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery.
NOTE: Regardless of content, this e-mail shall not operate to bind CSC to
any order or other contract unless pursuant to explicit written agreement
or government initiative expressly permitting the use of e-mail for such
purpose.



From:
"Scully, William P" <william.scu...@ca.com>
To:
LINUX-390@vm.marist.edu
Date:
02/23/2010 04:45 PM
Subject:
Passive Port Control



Help me understand something, please.  In SuSE 10 I see:

  > cat /proc/sys/net/ipv4/ip_local_port_range
  32768   61000


However with VSFTP I seem to be using an ephemeral port outside that
range:


Finding Host whatever.ca.com ...
Connecting to 123.123.123.123:21
Connected to 123.123.123.123:21 in 0.203093 seconds, Waiting for Server
Response
220 "This is CA service."
Host type (1): Automatic detect
USER anonymous
331 Please specify the password.
PASS (hidden)
230 Login successful.
SYST
215 UNIX Type: L8
Host type (2): UNIX (standard)
PWD
257 "/"
CWD /
250 Directory successfully changed.
PWD
257 "/"
TYPE A
200 Switching to ASCII mode.
PASV
227 Entering Passive Mode (123,123,123,123,120,134)
connecting data channel to 123.123.123.123:120,134(30854)
data channel connected to 123.123.123.123:120,134(30854)
LIST
150 Here comes the directory listing.
transferred 955 bytes in < 0.001 seconds, 7460.938 Kbps ( 932.617 KBps),
transfer succeeded.
226 Directory send OK.


I did -not- encode these records in VSFTP's configuration, as I thought
TCP/IP's limits would be in effect.


pasv_max_port
    The maximum port to allocate for PASV style data connections. Can be
used to specify a narrow port range to assist firewalling.

    Default: 0 (use any port)
pasv_min_port
    The minimum port to allocate for PASV style data connections. Can be
used to specify a narrow port range to assist firewalling.

    Default: 0 (use any port)



My question is this:  Why are the TCP/IP limits on the ephemeral ports
not enforced?

----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or
visit
http://www.marist.edu/htbin/wlvindex?LINUX-390



----------------------------------------------------------------------
For LINUX-390 subscribe / signoff / archive access instructions,
send email to lists...@vm.marist.edu with the message: INFO LINUX-390 or visit
http://www.marist.edu/htbin/wlvindex?LINUX-390

Re: Passive Port Control

Reply via email to