
RE: Another dselect FTP problem



Len Cumbow <cumbow@cardinal-software.com> writes:
>Use passive mode [n]:                           BTW, what is passive mode?

    FTP by default is in non-passive mode.  When a data connection is set up
    between the client and server, the client sends a request to the server
    to connect to a specific port for the data transfer.  In other words,
    the ftp client sends a PORT command to the server, instructing the server
    to open a data connection to a specific IP and port that is listening for
    the data connection.  The server makes that connection and then the 
    transfer begins.

    Passive mode is a little different.  The PASV tells the server to set up
    a port to start listening for a data transfer on, to which the server
    returns the IP and port of that [the response from the server is much
    like what the client sends in the PORT command in non-passive mode].  The
    client then opens the data connection to the server port specified.

    The cool thing with passive mode is that you can connect to two 
    different servers;  Enter passive mode on the first, which gives you
    the ip & port number where the server is listening for the data; send
    that IP and port number to the second server via the PORT command,
    instructing that second server to make a data connection to the first
    server.  The client can then initiate data transfers between the two
    servers.

    The drawback to passive mode is firewalls.  Since you don't know what
    port number the server's data connection is going to be listening on, you 
    have no way of configuring that port number into your firewall.  With
    Non-PASV mode, the server's data connections will come from port 20,
    which you can configure to be allowed through your firewall.  (We played
    a little joke on one of our QA guys when we set it up to reject packets
    from port 20... you could open an FTP connection, but you just couldn't
    transfer any data! :)

    Anyway... The firewall problem is the reason your Proxy Server needs
    non-PASV mode.  It needs to know what port the data connection is coming
    from beforehand, so that it can proxy it correctly, and a dynamic server
    data port won't work.

    If you want more details, give RFC 959 a read.

        ftp://venera.isi.edu/in-notes/rfc959.txt

                                                -Jeff

*****************************************************************************
|     Jeff Schreiber       | There is freedom and there is responsibility.  |
|     aka - "Spectre"      | You have obviously figured out the first       |
| schreiber@mx.process.com | but not the latter.                            |
|                          |     (Rob Schmunk - rbs@panix.com)              |
*****************************************************************************
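
Added example (not part of the original message): how a firewall or proxy that watches the FTP control channel can recover the data endpoint from a PORT command or a 227 PASV reply, using the RFC 959 h1,h2,h3,h4,p1,p2 encoding, and flag a PORT that names a host other than the client, as in the two-server transfer described above. The function names, verdict strings and sample addresses are constructed for illustration.

```python
import re

# RFC 959 encodes a data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply, else None."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None                      # each field must fit in one byte
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]       # p1 is the high byte, p2 the low byte
    return ip, port

def check_control_line(line, client_ip):
    """Classify one control-channel line of a session opened from client_ip.
    Returns (verdict, endpoint); the verdict names are made up for this example."""
    verb = line.strip().split(" ", 1)[0].upper()
    if verb == "PORT":
        ep = parse_hostport(line)
        if ep is None:
            return "malformed", None
        if ep[0] != client_ip:
            return "third-party", ep     # server is told to connect elsewhere
        return "ok", ep
    if verb == "227":                    # reply to PASV: server's listening port
        ep = parse_hostport(line)
        return ("pasv-endpoint", ep) if ep else ("malformed", None)
    return "ignored", None

if __name__ == "__main__":
    # Constructed control-channel lines; addresses are documentation ranges.
    sample = [
        "PORT 198,51,100,7,4,1",
        "227 Entering Passive Mode (192,0,2,10,19,137)",
        "PORT 192,0,2,10,19,137",
        "LIST",
    ]
    for line in sample:
        print(line, "->", check_control_line(line, "198.51.100.7"))
```

Reading the 227 reply is what lets a filter open only the one data port the server announced, instead of allowing every high port.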

