Re: ftpd-ssl woes

To: Moses Moore <mmoore@novator.com>
Cc: Debian Security <debian-security@lists.debian.org>
Subject: Re: ftpd-ssl woes
From: Garrick James <garrick@james.net>
Date: Fri, 22 Feb 2002 13:22:19 -0800
Message-id: <[🔎] 20020222132219.A1077@nebula.dsl.speakeasy.net>
In-reply-to: <[🔎] 20020222210251.B661B375E7@gray.impulse.net>; from ted@impulse.net on Fri, Feb 22, 2002 at 01:02:51PM -0800
References: <[🔎] 3C76B021.904F5B3D@novator.com> <[🔎] 3C73C127.34E44B69@novator.com> <[🔎] 3C76B021.904F5B3D@novator.com> <[🔎] 20020222210251.B661B375E7@gray.impulse.net>

For some reason, I haven't seen the beginning of this thread, so I may be
missing some details.  From what I can gather you are trying to run FTP over
SSL.  I don't know what type(s) of firewall(s) you have involved (again, I
didn't see the original post).

FTP over SSL simply won't work through the majority of stateful firewalls
(if configured according to normal stateful FTP inspection).  Such firewalls
watch the FTP control port (21) for FTP PORT commands (whether active or
passive).  When the firewall sees such a command, it dynamically opens a
rule for the FTP data connection.  Beings that you are encrypting the FTP
conrol traffic, such firewalls will not be able to read the FTP PORT command
and will, therefor, not open the rule for the associated FTP data traffic. 
The result is consistant with what you are seeing.

-Garrick James

Reply to:

References:
- ftpd-ssl woes
  - From: Moses Moore <mmoore@novator.com>
- portsentry woes
  - From: Moses Moore <mmoore@novator.com>
- Re: ftpd-ssl woes
  - From: Ted Cabeen <ted@impulse.net>

Prev by Date: Re: ftpd-ssl woes
Next by Date: INFO
Previous by thread: Re: ftpd-ssl woes
Next by thread: syslog messages
Index(es):
- Date
- Thread