
Re: ftpd-ssl



-> I have ftpd-ssl running, it seems to work very well.
-> 
-> As far as I can tell it just uses port 22, neat, this seems to make the 
-> problems of ftp, port, firewalls, passive clients etc, go away, just open and 
-> forward port 22.

No. The FTP protocol defines 2 TCP connections: control and data. The address
of one end is still sent to either the client (passive FTP) or the server
(active FTP) before data transfer(s). That makes it impossible to forward an
FTP connection in a simple way. Some NAT/masquerading servers are able to
parse data from the control socket and probably change them to allow those
connections.

Otherwise you can only do passive FTP from behind a firewall, only active FTP
to a server behind a firewall, and no FTP if you and the server are both
behind a firewall.

This is impossible on ftps, because the control socket is encrypted and the
firewall does not know what data are sent over the control socket.
-- 
Matus "fantomas" Uhlar, uhlar@fantomas.sk ; http://www.fantomas.sk/
Warning: I don't wish to receive spam to this address.
Warning: I do not wish to receive any advertising mail at this address.
Linux IS user friendly, it's just selective who its friends are...
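
An added illustration of the point made in the message above (not part of the original message or of ftpd-ssl): a minimal sketch of what an FTP-aware NAT helper does with the control channel, and why it learns nothing once the channel is encrypted. The function names, sample lines and addresses are constructed for this example.

```python
import re

# h1,h2,h3,h4,p1,p2: the address form used by PORT and by the 227 PASV reply
HOSTPORT = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Return (ip, port) announced on a control-channel line, or None."""
    if not (line.upper().startswith(b"PORT ") or line.startswith(b"227 ")):
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def rewrite_endpoint(line, new_ip, new_port):
    """Swap the announced address for the NAT's own, as a helper would.
    The line is returned unchanged when no endpoint can be parsed."""
    if parse_endpoint(line) is None:
        return line
    parts = new_ip.split(".") + [str(new_port >> 8), str(new_port & 0xFF)]
    return HOSTPORT.sub(",".join(parts).encode(), line, count=1)

def learned_endpoints(control_stream):
    """Data-connection endpoints visible in a list of control-channel chunks."""
    return [ep for ep in map(parse_endpoint, control_stream) if ep]

# Constructed samples; addresses come from private/documentation ranges.
PLAIN_FTP = [b"PASV\r\n", b"227 Entering Passive Mode (192,168,1,10,19,137)\r\n"]
# After AUTH TLS the helper only sees TLS records; the payload here is filler.
FTPS = [b"AUTH TLS\r\n", b"234 Proceed with negotiation\r\n",
        b"\x17\x03\x03\x00\x20" + bytes(range(0x80, 0xA0))]

if __name__ == "__main__":
    print(learned_endpoints(PLAIN_FTP))   # helper sees the data endpoint
    print(rewrite_endpoint(PLAIN_FTP[1], "203.0.113.5", 40001))
    print(learned_endpoints(FTPS))        # nothing to parse or rewrite
```
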


