Nic Steussy wrote:
> All,
>
> I am having trouble accessing some, but not all, file downloads with my
> browser. Presume I am working on a client machine behind a RH IPCHAINS
> firewall that connects me to the net. When I click on the download cue,
> the browser hangs, and my IPCHAINS firewall reports a series of input
> packets. e.g. I try to download from 198.4.202.8 and I get a bunch of:
>
> Oct 22 08:15:27 digitus kernel: Packet log: input DENY eth1 PROTO=6
> 198.4.202.8:64393 my.ip.addre.ss:63731 L=40 S=0x00 I=34679 F=0x4000 T=52
> (#61)
>
> If I drop to a command line and access the ftp site directly I can
> download the file without problem. So, what is this connection that
> some sites try to make with my machine? So far as I know, it is not
> part of the ftp protocol.
Nic-

I may be a little off here but I believe that this behavior is indeed part
of the protocol. The default behavior is close to the following:

ftp client connects to port 21 of the server and says, I want to establish
a connection.

server does the authentication deal and then negotiates a port for the
session, usually the next port up on the client machine from the port that
the client connected from.

The server establishes a session to the client machine on the negotiated
port.

In firewalled situations the server cannot establish the connection and
nothing works. The pasv (passive) command tells the server that the
session needs to be done on the same port, I believe. There is also an
ip_masq_ftp module that can be installed on the firewall that allows
regular transfers (I think that is what it does anyway).

It is my understanding that not all servers support pasv, although I rarely
have problems. But then my firewall script (Gordon's) inserts all the
modules for me so they are there.
# Load all available ip_masq modules. Red Hat 6.2's modutils package
# (version 2.3.9-6) will not modprobe if the given argument has the
# trailing ".o", so strip it off with sed.
# The dot is escaped so that only a literal ".o" suffix is removed.
pushd /lib/modules/`uname -r`/ipv4/ >/dev/null
ls ip_masq* | sed 's/\.o$//' | while read masqmod ; do
    action "Loading masquerade module $masqmod " \
        modprobe "$masqmod"
done
popd >/dev/null
HTH
Bret
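
Added example, not part of the messages above or of the firewall script: the FTP data-channel endpoint is announced on the control connection in the `h1,h2,h3,h4,p1,p2` form defined by RFC 959, and whether it arrives in a client `PORT` command or a server `227` reply decides which side of the firewall sees an inbound connection. The function names, control lines and addresses below are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried by PORT and by the 227 reply to PASV (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_endpoint(control_line):
    """Return (mode, listener_ip, listener_port), or None if the line
    does not announce a data-channel endpoint."""
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        mode = "active"    # client listens, server connects in
    elif line.startswith("227"):
        mode = "passive"   # server listens, client connects out
    else:
        return None
    match = _HOSTPORT.search(line)
    if not match:
        return None
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None        # each field is a single octet
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]   # p1 is the high byte, p2 the low byte
    return mode, ip, port


def firewall_view(control_line):
    """Describe the data connection from the client-side firewall's view."""
    endpoint = data_endpoint(control_line)
    if endpoint is None:
        return "no data endpoint announced"
    mode, ip, port = endpoint
    if mode == "active":
        return "inbound: server connects to client %s:%d" % (ip, port)
    return "outbound: client connects to server %s:%d" % (ip, port)


if __name__ == "__main__":
    # Constructed control-channel lines, not captured traffic.
    for sample in ("PORT 192,168,1,10,4,1",
                   "227 Entering Passive Mode (203,0,113,5,195,80)",
                   "LIST"):
        print("%-50s %s" % (sample, firewall_view(sample)))
```

A default-deny input chain on the client side blocks the first case unless something tracks the `PORT` command and admits the matching connection; the second case only needs outbound access.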