Re: Restricting FTP data connection port range?

From: Robert Miller (rmiller_at_SMUD.ORG)
Date: 11/10/05

    Date:         Thu, 10 Nov 2005 09:27:34 -0800
    To: aix-l@Princeton.EDU
    
    

    My suspicion is that it is a firewall, network, or FTP server config
    issue... unfortunately both our network folks and theirs seem to be
    convinced it's a client problem, so until I can prove otherwise it's my
    problem...

    --rm

    -----Original Message-----
    From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
    Lamar Saxon
    Sent: Thursday, November 10, 2005 9:15 AM
    To: aix-l@Princeton.EDU
    Subject: Re: Restricting FTP data connection port range?

    Not sure how you are going to restrict the port range of the client
    since the connection is going to be made to any open port on the client.
    We have had this issue before and it was due to the way our firewall
    rules were configured. I don't think we ever came up with a way to lock
    / limit the socket connection back to the client.

    Is this what you are experiencing? A firewall blocking the port range
    of the connection?

    Just curious, thanks...
    Lamar

    -----Original Message-----
    From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
    Robert Miller
    Sent: Thursday, November 10, 2005 11:08 AM
    To: aix-l@Princeton.EDU
    Subject: Re: Restricting FTP data connection port range?

    Actually this problem is happening both in active and passive mode
    (forgot to put that in the original question). You can actually set the
    FTP client to passive mode when using it interactively, which is how I
    was testing, and they both failed the same way...

    --rm

    -----Original Message-----
    From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
    Lamar Saxon
    Sent: Thursday, November 10, 2005 8:58 AM
    To: aix-l@Princeton.EDU
    Subject: Re: Restricting FTP data connection port range?

    Might look @ putting the client in passive mode. From the docs:

    passive Toggles passive mode for file transfers. When a file transfer
    command (such as get, mget, put, or mput) is invoked with passive mode
    off, the ftp server opens a data connection back to the client. In
    passive mode, the client opens data connections to the server when
    sending or receiving data.

    This should force the client to open the connection back to the server.
    Not sure this will eliminate the issue though since the connection will
    be made between ftp server and an open socket on the client.

    Lamar

    -----Original Message-----
    From: IBM AIX Discussion List [mailto:aix-l@Princeton.EDU] On Behalf Of
    Robert Miller
    Sent: Thursday, November 10, 2005 10:45 AM
    To: aix-l@Princeton.EDU
    Subject: Restricting FTP data connection port range?

    Folks,

    We've been having an odd problem connecting to an FTP server, and they
    have asked that I restrict the FTP data ports from the client end (our
    end).

    Specifically, we're getting "425 Can't open data connection" errors
    intermittently, and the only thing that seems to be consistent is that
    the problem occurs when port 65535 is used.

    Does anyone know a way of restricting FTP data traffic to specific ports
    with the regular, vanilla FTP client? We're using AIX 5.2 ML2.

    I have briefly looked at the "no" command, and it looks like it might be
    useful, but I'm wondering what other effects restricting the available
    ports might have.

    Hopefully someone has already had to do this and knows the right bits to
    twiddle :)

    --rm

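
Added example, not part of the original thread: one way to gather the evidence the thread is looking for is to decode the data port negotiated for each transfer (the `h1,h2,h3,h4,p1,p2` argument of `PORT` and of the `227` passive reply, where port = p1*256 + p2) and pair it with the transfer's reply code. It assumes a client debug transcript in which sent commands are prefixed with `--->`; the sample transcript, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample of client debug output (not taken from the thread);
# addresses come from the documentation ranges.
SAMPLE = """\
---> PORT 192,0,2,10,255,254
200 PORT command successful.
---> RETR a.dat
226 Transfer complete.
---> PORT 192,0,2,10,255,255
200 PORT command successful.
---> RETR b.dat
425 Can't open data connection.
---> PASV
227 Entering Passive Mode (198,51,100,7,195,80)
---> RETR c.dat
226 Transfer complete.
"""

HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def decode(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None if invalid."""
    m = HOSTPORT.search(text)
    if not m or any(int(x) > 255 for x in m.groups()):
        return None
    n = [int(x) for x in m.groups()]
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def data_attempts(log):
    """Pair each negotiated data endpoint with the next transfer result code."""
    results, pending = [], None
    for line in log.splitlines():
        if line.startswith(("---> PORT ", "227 ")):
            ep = decode(line)
            mode = "passive" if line.startswith("227") else "active"
            pending = (mode, *ep) if ep else None
        elif pending and line[:3] in ("226", "425", "426"):
            results.append(pending + (line[:3],))
            pending = None
    return results

def failing_ports(log):
    """Data ports whose transfer did not end with 226."""
    return sorted({port for _, _, port, code in data_attempts(log) if code != "226"})

if __name__ == "__main__":
    for mode, ip, port, code in data_attempts(SAMPLE):
        print(f"{mode:8} {ip}:{port:<5} -> {code}")
```

In active mode the decoded endpoint is the client's listening socket; in passive mode it is the server's, which shows which side chose the port that failed.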

