ftp passive mode

From: Kevin (kevin_at_hotmail.com)
Date: 03/24/05 

Date: Thu, 24 Mar 2005 21:09:50 +0000

I'm not sure that passive mode really changes in the behaviour of
an ftp client. I see that I connect using passive mode and I can
login etc.

However, commands such as ls and get don't work. I see my client
sending packets to the server on high ports and they are getting
dropped by the firewall.

66.242.33.151.21 > 64.109.151.192.4541: P 78:97(19) ack 37 win
1448 <nop,nop,timestamp 298195787 48978255>(DF)

64.109.151.192.4541 > 66.242.33.151.21: . ack 97 win 57456
<nop,nop,timestamp 48978267 298195787> (DF) [tos 0x10]

Until I log in, the communication is fine with samples of tcpdump
above. When I issue an ``ls''. This happens:

64.109.151.192.4541 > 66.242.33.151.21: P 37:43(6) ack 97 win
57456 <nop,nop,timestamp 48984892 298195787> (DF) [tos 0x10]

66.242.33.151.21 > 64.109.151.192.4541: P 97:145(48) ack 43 win
1448 <nop,nop,timestamp 298262183 48984892>(DF)

This is probably one of the packets telling which command is
beind issued (I guess, I don't know).

64.109.151.192.4542 > 66.242.33.151.16859: S
2977579832:2977579832(0) win 57344 <mss 1460,nop,wscale
0,nop,nop,timestamp 48984896 0> (DF)

Now my client is trying port 16859 which is probably getting
dropped by the firewall. The next packets are all similar to this
one... trying to get the other end to answer, until it times out.

My client is the usual ftp command. I'm running FreeBSD here. I
was wondering if this is something that I'm doing wrong here or
if the other end must change his firewall settings to make it
possible to connect and use FTP.

Can anyone help? Thank you.

Relevant Pages

  • Re: ipfw or ipf w/stateful behavior
    ... these make the firewall secure enaugh. ... > hosting a FTP server at your site? ... Securing things for an FTP client ...
    (FreeBSD-Security)
  • Re: Is this a 3-Leg Perimeter scenario?
    ... the same configuration as I had it originally before upgrading to ISA 2004 ... No PersisentRoute enrty on the clients; no firewall client disabling; no IE ... using IE to access the FTP. ...
    (microsoft.public.windows.server.sbs)
  • Re: Bug with W2K3, SP1, Windows Firewall and FTP
    ... FTP service is listed, it should be bi-directional. ... I'm confuse as well:) between the advanced tab and exception tab. ... I decided to try adding a port 21 in the firewall exception list ... when I entered a "dir" command at the client FTP prompt, ...
    (microsoft.public.inetserver.iis.ftp)
  • Re: Windows XP and FTP
    ... I believe that you will need to add an exception for the particular application that you intend to use to ensure that the client will be able to connect using that application. ... Thank you for your suggestion - I have tried this, and unfortunately opening ports 20 & 21 on the firewall as an exception does not seem to make a difference, even after a restart of both the connection and the client machine itself. ... Subject: Windows XP and FTP ...
    (Security-Basics)
  • Re: XP SP2 and ftp PUT and GET to AS/400 not working
    ... > I can connect and logon with ftp client but commands GET and PUT does not ... > (I use client that came with Windows) ... > on firewall and even disable firewaal but only thing i could is to connect ...
    (microsoft.public.windowsxp.general)