Tod,
For security reasons, is there a way to designate the range of ports that the FTP 
server would choose?

That way you can model your firewall rules to allow 4000-4500, for example, for FTP 
and not have to leave open such a large range.

Thanks, Kevin



On 01/Feb/2003 03:01:17, Danny Mallory wrote:
___________________________________
 In passive mode the client does not send a port request to the server. If the client is 
behind a firewall and it passes a port command to the server, the server would never 
be able to return the connection. Typically this is seen as:
 
 Non-Passive:
 ============
 connect 21
 welcome, user, password
 client sends port command (i.e., 192,168,1,100,56)
 server says.. What!!!.. I can't reach that address.
 
 Passive
 ============
 connect 21
 welcome, user, password
 client initiates PASV
 server responds 227 with another port.
 client connects to that port (i.e., 4000)
 let the fun begin
 
 Danny
 
 
 
 On 31/Jan/2003 10:35:52, Adams, Jeff wrote:
 > Maybe I'm misunderstanding what you're saying, but I thought it was just the
 > opposite.  I thought active transfers used *only* ports 21 (control) and 20
 > (data) and that passive transfers used port 21 (control) and the next
 > available port (data).  Is this incorrect?  (This is also how it is described
 > at http://slacksite.com/other/ftp.html).
 > 
 > -Jeff
 > 
 > -----Original Message-----
 > From: Danny Mallory [mailto:[EMAIL PROTECTED]]
 > Sent: Friday, January 31, 2003 08:49 AM
 > To: sambar List Member
 > Subject: [sambar] FTP Server {04}
 > 
 > The issue is with your client, not the server.. Your client must instruct the
 > server to utilize the existing communications channels to perform its data
 > transfers.. The technical term for this is called PASV.. This is a common
 > issue when trying to utilize an FTP server behind a firewall.. By using the
 > PASV (passive) option you will not attempt to make a new port request.
 > 
 > Danny
 > 
 > On 30/Jan/2003 22:44:33, Tom Faulkner wrote:
 > > FTP does use 20, as he said to start data transfers, it however 
 > > doesn't keep the transfer on 20.  Just as you connect to port 21 on 
 > > the server it "transfers" your connection to another random port 
 > > number.  Well, not entirely random.  So if you connect to my ftp 
 > > server at port 21 it will answer and connect on port 4700 or 
 > > something.  The same goes for port 20.  This is so it can continue to 
 > > answer connections on the same port number, to allow for multiple 
 > > users.  On the client end it will still appear to be port 21.
 > > 
 > > And I think Passive mode works by either the client or server 
 > > dynamically specifying a data port rather than port 20.  And if I 
 > > remember correctly Sambar supports passive only.  Please feel free to 
 > > correct me on that.
 > > 
 > > I'm not absolutely sure on all of that, but I'm fairly certain.
 > > 
 > > Tom Faulkner
 > > 
 > > -----Original Message-----
 > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of George Shaw
 > > Sent: Friday, January 31, 2003 1:25 AM
 > > To: sambar List Member
 > > Subject: [sambar] FTP Server {02}
 > > 
 > > I thought FTP used port 21 strictly myself
 > > 
 > > George
 > >
 > > -----Original Message-----
 > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Vital Touch DJs
 > > Sent: Thursday, January 30, 2003 7:52 PM
 > > To: sambar List Member
 > > Subject: [sambar] FTP Server {01}
 > > 
 > > Hey All,
 > > 
 > > I have an update.
 > > 
 > > I have checked in with my Network Administrator at the college that I 
 > > attend.  I talked to him regarding the issue with the FTP.
 > > 
 > > As he did say, FTP uses port 21 for Control, and port 20 to send 
 > > information out to the client.
 > > 
 > > However, to recap, I have noticed that the Sambar Server will send 
 > > information out of ports usually starting with 4700 and for each 
 > > additional packet it sends out, it will increment the port by one.. so 
 > > the next data sequence sent out would be on port 4701.
 > > 
 > > He was informing me that most FTP servers have an option to send all 
 > > data out via port 20, or to send data out by this method of using high 
 > > ports. In this case, Sambar Server does not have the function of being
 > > able to choose which port the data should be sent out of.
 > > 
 > > Is this possibly something that could be worked on for the next 
 > > release or beta?  I don't know, it isn't a big deal, but I would like 
 > > to block as many ports as possible incoming and outgoing on my server,
 > > and right now I have a large hole to allow for data to be sent.
 > > 
 > > Brian S
-------------------------------------------------------
To unsubscribe please go to http://www.sambar.ch/list/
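
Added example, not part of the original thread and not Sambar code: the PORT argument and the 227 reply discussed above both carry a six-field `h1,h2,h3,h4,p1,p2` tuple (RFC 959), and the data port is `p1*256 + p2`. The sketch below parses that tuple and checks it against a firewall policy; the function names are hypothetical, the 4000-4500 range is the example range from the thread used as an assumed policy, and the sample lines are constructed.

```python
import ipaddress
import re

# RFC 959 host-port argument: h1,h2,h3,h4,p1,p2 (exactly six decimal fields).
_HOSTPORT = re.compile(r"(?<![\d,])" + ",".join([r"(\d{1,3})"] * 6) + r"(?![\d,])")

def parse_endpoint(line):
    """Return (IPv4Address, port) from a 'PORT ...' command or '227 ...' reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError(f"no six-field host-port tuple in {line!r}")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError(f"field above 255 in {line!r}")
    ip = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
    return ip, fields[4] * 256 + fields[5]   # data port = p1*256 + p2

def audit(line, lo=4000, hi=4500):
    """Check one control-channel line against the firewall policy.

    lo-hi is the passive range the firewall admits (4000-4500 is the
    example range from the thread, used here as an assumed policy).
    """
    ip, port = parse_endpoint(line)
    findings = []
    if line.lstrip().startswith("227"):
        if not lo <= port <= hi:
            findings.append(f"passive port {port} outside allowed {lo}-{hi}")
    elif ip.is_private:
        findings.append(f"PORT advertises private address {ip}; "
                        "a server outside the NAT cannot connect back")
    return ip, port, findings

if __name__ == "__main__":
    # Constructed control-channel lines, not captured traffic.
    samples = [
        "PORT 192,168,1,100,7,56",
        "227 Entering Passive Mode (203,0,113,10,15,160)",
        "227 Entering Passive Mode (203,0,113,10,18,92)",
    ]
    for s in samples:
        ip, port, findings = audit(s)
        print(f"{s!r}: {ip}:{port} {findings or 'ok'}")
```

A line whose argument has fewer than six fields raises `ValueError` rather than yielding a guessed port.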
