My firewall is fine, no packets are being dropped here. I am working with the ftp server admin and his firewall admin, tracking down a problem connecting to their server with ftps. They appear to be dropping packets, but don't seem to have the know-how to configure their firewall. So, the server-side firewall is essentially out of my control.

The packets are apparently being dropped because of the source ports on the packets lftp sends to the server when trying to establish a data connection after logging in. For example, the server responds with a port number 3004, so lftp replies with a packet with a destination port of 3004 and a source port of 40957. The server either doesn't get the packet because the firewall drops it because of the source port, or the server does get it and sends a packet back to me with a source port of 3004 and a destination port number now of 40957 and this packet gets dropped by the firewall. In either case, all they can tell me is that port 40957 is the "problem".

I thought the ftp client picks random source ports (N > 1024, and N + 1) for passive ftp, using the destination port specified by the server. These source ports are what I'd like to limit.

On Wed, 2004-06-09 at 02:10, Alexander V. Lukyanov wrote:
> On Tue, Jun 08, 2004 at 11:48:43AM -0400, Don Himelrick wrote:
> > When I connect to an ftps server, lftp connects to the server's
> > destination port using a source port of 40957. The server-side firewall
> > appears to be blocking outgoing traffic to very high port numbers. Can
>
> Does your firewall limit outgoing connections _to_ high port numbers
> or _from_ high port numbers?
>
> If the first, then lftp won't be able to do anything, as the port number
> to connect to is given by remote ftp server in passive mode.
>
> > I limit the range of source ports that lftp uses for passive
> > connections? Something like the ftp:port-range, only for passive
> > instead of active?

--
Don Himelrick <[EMAIL PROTECTED]>
