Re: ftp passive mode

From: Kevin Thompson (kthompson_11_11_at_hotmail.com)
Date: 03/25/05

    Date: Fri, 25 Mar 2005 01:12:53 +0000
    
    

    On Thu, 24 Mar 2005 22:14:06 -0500,
    Barry Margolin <barmar@alum.mit.edu> wrote:

    > In article <20050324210950.35e373c4.kevin@hotmail.com>,
    > Kevin <kevin@hotmail.com> wrote:
    >
    > > I'm not sure that passive mode really changes in the
    > > behaviour of an ftp client. I see that I connect using
    > > passive mode and I can login etc.
    > >
    > > However, commands such as ls and get don't work. I see my
    > > client sending packets to the server on high ports and they
    > > are getting dropped by the firewall.
    >
    > Your firewall needs to allow high ports out. Or it must
    > monitor the FTP control connection and recognize the response
    > to the PASV command, and open the port that the server tells
    > you to connect on.
    >
    > >
    > > 66.242.33.151.21 > 64.109.151.192.4541: P 78:97(19) ack 37
    > > win 1448 <nop,nop,timestamp 298195787 48978255>(DF)
    > >
    > > 64.109.151.192.4541 > 66.242.33.151.21: . ack 97 win 57456
    > > <nop,nop,timestamp 48978267 298195787> (DF) [tos 0x10]
    > >
    > > Until I log in, the communication is fine with samples of
    > > tcpdump above. When I issue an ``ls''. This happens:
    > >
    > > 64.109.151.192.4541 > 66.242.33.151.21: P 37:43(6) ack 97 win
    > > 57456 <nop,nop,timestamp 48984892 298195787> (DF) [tos 0x10]
    > >
    > > 66.242.33.151.21 > 64.109.151.192.4541: P 97:145(48) ack 43
    > > win 1448 <nop,nop,timestamp 298262183 48984892>(DF)
    > >
    > > This is probably one of the packets telling which command is
    > > being issued (I guess, I don't know).
    > >
    > > 64.109.151.192.4542 > 66.242.33.151.16859: S
    > > 2977579832:2977579832(0) win 57344 <mss 1460,nop,wscale
    > > 0,nop,nop,timestamp 48984896 0> (DF)
    > >
    > > Now my client is trying port 16859 which is probably getting
    > > dropped by the firewall. The next packets are all similar to
    > > this one... trying to get the other end to answer, until it
    > > times out.
    >
    > That's how passive mode works. In active mode, the server
    > would try to connect to the client on a high port, in passive
    > mode the client connects to the server on a high port.

    Mmm I see. Things make sense now. Thank you much, Barry.
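
The second option in the quoted reply, a firewall that watches the control connection and opens only the port named in the PASV response, is sketched below as an added example; it is not code from this thread or from any firewall product. The 227 line is constructed to match port 16859 in the capture (65*256 + 219), and the class and function names are hypothetical.

```python
import re

# RFC 959 reply format: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed sample reply; the capture above shows headers only, not payload.
SAMPLE_REPLY = "227 Entering Passive Mode (66,242,33,151,65,219)"


def parse_pasv(line):
    """Return (ip, port) announced by a 227 reply, or None if malformed."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class FtpPinholeTracker:
    """Toy model of a firewall helper watching one FTP control connection."""

    def __init__(self, client_ip, server_ip):
        self.client_ip, self.server_ip = client_ip, server_ip
        self.expected = set()  # (client_ip, server_ip, server_port) pinholes

    def on_server_reply(self, line):
        """Feed each server control-channel line; True if a pinhole opened."""
        target = parse_pasv(line)
        if target is None:
            return False
        ip, port = target
        # Trust only a reply that points back at the control-connection peer
        # on an unprivileged port; anything else would let the reply steer
        # the helper into opening a path to another host or service.
        if ip != self.server_ip or port < 1024:
            return False
        self.expected.add((self.client_ip, ip, port))
        return True

    def allow_syn(self, src_ip, dst_ip, dst_port):
        """One-shot: permit the matching data connection, then close it."""
        key = (src_ip, dst_ip, dst_port)
        if key in self.expected:
            self.expected.remove(key)
            return True
        return False
```

With this logic the SYN from 64.109.151.192 to 66.242.33.151 port 16859 is allowed once, while every other outbound high port stays closed.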

