Hello-
Standard mode FTP operates as such:
   client                                Server
   >1024  ---- "PORT xxxx" ---------->    21   (tells server where to send data channel)
   >1024  <--- "OK" -----------------    21   ("OK" response)
   >1024  <--- data channel ---------    20   (server opens data channel to client)
   >1024  ---- "OK" ---------------->    20   (client tells server "OK")
The main reason why I and many of my clients don't like
PASV FTP is that you have to open up all ports > 1024 on
both routers going in both directions.
True, you can argue that if you have a FW that understands state
this should be ok. But I (and many other company networking staff)
don't like doing this. Generally we try to lock down every port
and only allow the ones we absolutely require, even IF we have
a FW in place (added layer of security).
Steve
----- Original Message -----
From: Juan Carlos Castro y Castro <[EMAIL PROTECTED]>
To: Linux Net List <[EMAIL PROTECTED]>
Sent: Friday, July 23, 1999 14:42
Subject: Philosophical question about FTP
> Is my understanding of the protocol correct? I managed to code an itsy
> bitsy teeny weeny FTP client which works, but only if the server
> supports passive mode. For active, I *think* this is what happens:
>
> 1) A client listens on port 20 for data connections started by the
> server.
>
> 2) That makes it impossible at first to have two client processes on the
> same machine doing a down(or up)load, but then there's the PORT command.
>
> 3) If an FTP client finds out it can't listen on 20, it grabs a random
> free port and listens on it. It then issues a PORT command on the
> control connection to inform the server of the new entrance.
>
> 4) Everything else proceeds as usual.
>
> Did I get it right? And by the way, is there a reason so few FTP servers
> deployed out there support passive mode? Is there a security reason or
> something? Or is it just people don't bother upgrading?
>
> Cheers all,
>
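To make the PORT handshake from the diagram above concrete, here is an added example (written for this thread, not code from either poster) that simulates the active-mode data channel on loopback in Python: the client listens on a kernel-chosen port above 1024, announces it with a PORT argument, and the "server" connects back to it, which is the inbound connection a client-side firewall has to permit. The loopback address 127.0.0.1 and the server using an unprivileged source port instead of port 20 are assumptions made for the simulation.

```python
import socket
import threading


def encode_port_arg(host: str, port: int) -> str:
    """Encode host/port as the FTP PORT argument h1,h2,h3,h4,p1,p2."""
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    return ",".join(host.split(".") + [str(port >> 8), str(port & 0xFF)])


def decode_port_arg(arg: str) -> tuple[str, int]:
    """Parse a PORT argument back to (host, port); reject malformed values."""
    fields = [int(f) for f in arg.split(",")]
    if len(fields) != 6 or any(not 0 <= f <= 255 for f in fields):
        raise ValueError("PORT needs six values in 0..255")
    return ".".join(map(str, fields[:4])), fields[4] * 256 + fields[5]


def active_transfer(payload: bytes) -> bytes:
    """Simulate an active-mode transfer on loopback (assumed 127.0.0.1).

    The client listens on a kernel-chosen port above 1024 and announces it
    with PORT; the server then opens the data connection *towards* the
    client, which is exactly the inbound hit a client-side firewall must
    allow. Real servers use source port 20 (needs root); here the OS picks.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))  # port 0: OS assigns a free high port
    listener.listen(1)
    host, port = listener.getsockname()
    port_cmd = f"PORT {encode_port_arg(host, port)}"  # sent on control channel

    def server_side() -> None:
        dest = decode_port_arg(port_cmd.split(" ", 1)[1])
        with socket.create_connection(dest) as data_sock:  # server -> client
            data_sock.sendall(payload)

    worker = threading.Thread(target=server_side)
    worker.start()
    conn, _ = listener.accept()
    with conn:
        received = b"".join(iter(lambda: conn.recv(4096), b""))
    listener.close()
    worker.join()
    return received


if __name__ == "__main__":
    print(encode_port_arg("192.0.2.10", 5000))  # constructed: 192,0,2,10,19,136
    print(active_transfer(b"file contents"))
```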