Re: Restricting FTP data connection port range?

From: Lamar Saxon (Lamar.Saxon_at_AMERICREDIT.COM)
Date: 11/10/05

    Date:         Thu, 10 Nov 2005 10:58:08 -0600
    To: aix-l@Princeton.EDU
    
    

    Might look @ putting the client in passive mode. From the docs:

    passive Toggles passive mode for file transfers. When a file transfer
    command (such as get, mget, put, or mput) is invoked with passive mode
    off, the ftp server opens a data connection back to the client. In
    passive mode, the client opens data connections to the server when
    sending or receiving data.

    This should force the client to open the connection back to the server.
    Not sure this will eliminate the issue though since the connection will
    be made between ftp server and an open socket on the client.

    Lamar

    -----Original Message-----
    From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
    Robert Miller
    Sent: Thursday, November 10, 2005 10:45 AM
    To: aix-l@Princeton.EDU
    Subject: Restricting FTP data connection port range?

    Folks,

    We've been having an odd problem connecting to an FTP server, and they
    have asked that I restrict the FTP data ports from the client end (our
    end).

    Specifically, we're getting "425 Can't open data connection" errors
    intermittently, and the only thing that seems to be consistent is that
    the problem occurs when port 65535 is used.

    Does anyone know a way of restricting FTP data traffic to specific ports
    with the regular, vanilla FTP client? We're using AIX 5.2 ML2.

    I have briefly looked at the "no" command, and it looks like it might be
    useful, but I'm wondering what other effects restricting the available
    ports might have.

    Hopefully someone has already had to do this and knows the right bits to
    twiddle :)

    --rm

    Privileged and Confidential. This e-mail, and any attachments thereto, is intended only for use by the addressee(s) named herein and may contain privileged or confidential information. If you have received this e-mail in error, please notify me immediately by a return e-mail and delete this e-mail. You are hereby notified that any dissemination, distribution or copying of this e-mail and/or any attachments thereto, is strictly prohibited.
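
The active/passive distinction in the quoted documentation, as an added example that is not part of the original thread: it decodes the h1,h2,h3,h4,p1,p2 sextet carried by the PORT command and by the 227 reply (port = p1*256 + p2, per RFC 959) from a control-channel trace, and reports which side listened for the data connection and how the transfer ended. The trace, the addresses and all function names are constructed for illustration.

```python
import re

# RFC 959 host/port sextet h1,h2,h3,h4,p1,p2 (PORT argument and 227 reply).
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Return (host, port) from a sextet; the port is p1*256 + p2."""
    m = HOSTPORT.search(text)
    if not m:
        raise ValueError(f"no host/port sextet in {text!r}")
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError(f"octet out of range in {text!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connections(trace):
    """List each negotiated data endpoint, who listens on it, and the final reply."""
    found, current = [], None
    for line in trace:
        side, _, text = line.partition(": ")
        text = text.strip()
        if side == "C" and text.upper().startswith("PORT "):
            mode, listener = "active", "client"    # server connects to the client
        elif side == "S" and text.startswith("227 "):
            mode, listener = "passive", "server"   # client connects to the server
        else:
            code = text[:3]
            # First 2xx/4xx/5xx reply after the endpoint (200 only acknowledges PORT).
            if (side == "S" and current and current["reply"] is None
                    and code.isdigit() and code[0] in "245" and code != "200"):
                current["reply"] = int(code)
            continue
        host, port = decode_hostport(text[4:])
        current = {"mode": mode, "listener": listener,
                   "host": host, "port": port, "reply": None}
        found.append(current)
    return found

def failed(trace):
    """Return (mode, port) for every data connection that ended in a 4xx/5xx reply."""
    return [(c["mode"], c["port"]) for c in data_connections(trace)
            if c["reply"] is not None and c["reply"] >= 400]

# Constructed control-channel trace (C: client line, S: server line); not real traffic.
TRACE = [
    "C: PORT 198,51,100,5,200,10", "S: 200 PORT command successful.",
    "C: RETR a.dat", "S: 150 Opening data connection.", "S: 226 Transfer complete.",
    "C: PORT 198,51,100,5,255,255", "S: 200 PORT command successful.",
    "C: RETR b.dat", "S: 425 Can't open data connection.",
    "C: PASV", "S: 227 Entering Passive Mode (192,0,2,10,195,80)",
    "C: RETR b.dat", "S: 150 Opening data connection.", "S: 226 Transfer complete.",
]
```

Calling `failed(TRACE)` on a captured control session shows whether failures cluster on one listener side or one port value, which is the evidence needed before changing ephemeral port settings.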

