FTP, proxies, firewalls (was: Fedora ftp install without a name server?)
On 3/23/06, John Abreau [EMAIL PROTECTED] wrote: Just a minor nit; PASV mode wasn't invented to deal with firewalls; if I recall correctly, it was part of the ftp spec early on, and its intended purpose was for server-to-server transfers. Ah. Interesting. I stand corrected. On 3/23/06, Jason Stephenson [EMAIL PROTECTED] wrote: IE also seems to do all FTP in the normal way, thus it not working through my firewall/NAT. Some versions of MSIE have a knob for this. Tools - Options - Advanced - Browsing - Use Passive Mode. I supposedly configured the FTP proxy on my firewall, but I'm not sure why it isn't working. When you mix FTP with proxies, things get really complicated. It can mean the FTP client uses a SOCKS proxy to open TCP connections to the outside world. It can mean the FTP client uses an HTTP proxy and the CONNECT method to open TCP connections to the outside world (you need PASV for this, since there is no way to have an HTTP proxy listen on behalf of a client). It can mean an HTTP client (web browser) uses HTTP to talk to an HTTP proxy, submit GET and PUT of FTP URLs, so the proxy server itself does FTP, but then the proxy server returns the result to the HTTP client using HTTP and HTML. Or it can mean one of several mutually incompatible FTP proxy protocols which have nothing to do with SOCKS or HTTP. And none of that even touches on IP-layer NAT/masquerading/etc. Are we sufficiently confused yet? Perhaps, an upgrade or a switch to a different firewall software is in order. What are you using now? -- Ben ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: FTP, proxies, firewalls (was: Fedora ftp install without a name server?)
Ben Scott wrote: Perhaps, an upgrade or a switch to a different firewall software is in order. What are you using now? Currently, it is a relatively old release of IP Filter (ipf) from http://coombs.anu.edu.au/~avalon/ that was hacked up by the OpenBSD folks before the licensing clarification. (Really weird stuff seems to be going on with that machine tonight. It's running OpenBSD 2.7, and I'm using a KVM to access the console. However, tonight, when I try to login at the console, everything I type is in all caps, regardless of the state of the caps lock key. I can ssh in just fine, so I want to blame the presence of the KVM and the fact that I recently started using the keyboard key combination to switch between systems. In the past, I always used the button on the KVM itself. It must have something to do with that machine having an AT keyboard port and I'm using an AT/PS-2 adapter to connect it to the KVM.) I used to use ipfw when my gateway was a PowerMac with MkLinux on it. I had pretty good luck with ipfw, and its built in ftp proxy module seemed to work. I intend to upgrade my gateway to OpenBSD 3.9 when it comes out this summer. I may end up having to upgrade the hardware, too. ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
Re: FTP, proxies, firewalls (was: Fedora ftp install without a name server?)
Jason Stephenson writes: ... It must have something to do with that machine having an AT keyboard port and I'm using an AT/PS-2 adapter to connect it to the KVM.) At keyboard and PS/2 keyboard use the same electrical and signalling protocol. An adapter is just connectors and wire, so it gets it right. Of course, there are more keys on most modern PS/2 keyboards then there ever were on an official AT keyboard, but the keys that are the same send the same codes. I really don't think that the adapter is related to the problem. Funny state in the KVM is a good bet. The proof of the pudding would be to plug the keyboard in directly, but the AT - PS/2 interface isn't designed to always recover without rebooting, and just rebooting might fix things anyway. Bill ___ gnhlug-discuss mailing list gnhlug-discuss@mail.gnhlug.org http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss