Jordan:
Hello! Can't...help...myself...must...answer...;)
> As far as using FTP in passive mode, can you tell me how to get this to
> work when both machines are behind a "one-to-many" NAT? I was pretty
> sure the FTP protocol required 2 connections, one for control and one
> for data. Is this not right?
Your understanding of FTP is correct: it *always* requires
2 connections, one for control and one for data. The control channel
is *always* the same: the server listens for incoming TCP connections
on port 21, just like how a VNC server always listens on 590x.
That you can take to the bank.
The trouble comes in when you try to deal with the data
connection. There are two flavors: active and passive. In active-FTP,
the client tells the server what port to connect the data channel
to, and the server itself actively initiates the data channel to
that port on the client. This is a no-brainer for the server-side
firewall, but a client-side firewall must be prepared to allow
that incoming connection. And, as you might suspect, firewalls are
meant to block incoming connection initiations. Resultingly, active-mode
FTP typically breaks because of client-side firewalls.
The alternative is passive-mode FTP. In this mode, the client
no longer *tells* the server what port to connect to, rather it *asks*
the server for a port to connect to. The client then initiates the
data connection. For a client-side firewall now, this is a no-brainer:
it looks-and-feels just like web-browsing, really. For the server,
however, it becomes more challenging, for now the server not only
has to listen on port-21, it has to listen on a collection of "passive
ports" as well. This "passive port range" must be told in advance to
the firewall so it can open those ports, and (in the case of a
"one-to-many" NAT'ing firewall) port-forward them along to the server.
There are one or two other steps. They're a bit tricky, but
it's a solvable problem. I've got a PDF which describes the whole
process, but due to graphics it's a bit chunky. I'll post it to my
website later this week; feel free to email me off-list and I'll
send you a copy.
cheers,
Scott
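
An added example, not part of the original message: a small checker that reads the host-port field of a `PORT` command or a `227` passive reply (six decimal bytes, per RFC 959) and reports what a firewall or NAT has to handle for that data connection. The function names, the sample lines and the 50000-50100 passive range are assumptions made for illustration; the private-address check goes one step beyond what the message spells out.

```python
import ipaddress
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal bytes).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or a 227 reply."""
    m = HOSTPORT.search(line)
    if not m:
        raise ValueError("no host-port field in %r" % line)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("byte out of range in %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # data port = p1*256 + p2

def check_data_channel(line, passive_range):
    """Return (mode, ip, port, issues) for one control-channel line."""
    ip, port = parse_hostport(line)
    issues = []
    if line.upper().startswith("PORT "):
        mode = "active"    # server dials in to the client
        issues.append("client-side firewall must accept inbound tcp/%d" % port)
    elif line.startswith("227"):
        mode = "passive"   # client dials out to the server
        lo, hi = passive_range
        if not lo <= port <= hi:
            issues.append("port %d outside forwarded range %d-%d" % (port, lo, hi))
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    if any(ip in net for net in RFC1918):
        issues.append("advertised address %s is private, unreachable across NAT" % ip)
    return mode, str(ip), port, issues

# Constructed sample lines; 50000-50100 is an assumed passive port range.
SAMPLES = [
    "PORT 10,0,0,5,4,1",
    "227 Entering Passive Mode (203,0,113,7,195,100)",
    "227 Entering Passive Mode (192,168,1,10,234,96)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(check_data_channel(s, (50000, 50100)))
```
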