Re: Passive mode FTP under Solaris 10?



On Fri, 08 Dec 2006 05:43:08 -0500
Kevyn Ford <kbford@xxxxxxxxxxxx> wrote:

After spending a bit of time learning more about Active vs. Passive
mode FTP - more than this software developer ever wanted to learn -
I've come to understand that I need to specify a range of high ports
to be used in Passive mode...no problem there.

But how do I configure the out-of-the-box Solaris 10 ftpd to specify
that range? I need to be able to setup the corresponding port
forwarding range in my Linksys router but I can't seem to find
information on specifying that range for ftpd.

There seems to be alternate ftp server software that's easy to
configure...but I'd rather not replace the default unless absolutely
necessary...

Any suggestions?

Read the ftpaccess(4) man page, where you will find the following:

passive address externalip cidr

Allow control of the address reported in response to a
passive command. When any control connection matching
cidr requests a passive data connection (PASV), the
externalip address is reported. This does not change the
address that the daemon actually listens on, only the
address reported to the client. This feature allows the
daemon to operate correctly behind IP renumbering
firewalls. For example:

passive address 10.0.1.15 10.0.0.0/8
passive address 192.168.1.5 0.0.0.0/0

Clients connecting from the class-A network 10 will be
told the passive connection is listening on IP address
10.0.1.15 while all others will be told the connection
is listening on 192.168.1.5. Multiple passive addresses
may be specified to handle complex, or multi-gatewayed,
networks.

passive ports cidr min max

Allows control of the TCP port numbers which may be used
for a passive data connection. If the control connection
matches the cidr, a port in the range min to max will be
randomly selected for the daemon to listen on. This
feature allows firewalls to limit the ports that remote
clients may use to connect into the protected network.

cidr is shorthand for an IP address followed by a slash
and the number of left-most bits that represent the
network address, as opposed to the machine address. For
example, if you are using the reserved class-A network
10, instead of a netmask of 255.0.0.0, use a CIDR of /8,
as in 10.0.0.0/8, to represent your network.

When min and max are both 0, the kernel rather than the
FTP server selects the TCP port to listen on. Kernel
port selection is usually not desirable if the kernel
allocates TCP ports sequentially. If in doubt, let the
FTP server do the port selection.

Take care,

--
Stefaan A Eeckels
--
Isn't it amazing how a large number of evil morons can give the
appearance of being a single evil genius? --Mel Rimmer
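An added example, not part of either message above and not Sun's code: it builds the ftpaccess stanza the two quoted directives call for in the original poster's situation (an ftpd behind a NAT router, with a forwarded high-port range), and gives a small checker for the "227 Entering Passive Mode" reply so you can confirm, from a client outside the router, that the daemon really advertises the public address and a port inside the forwarded range. The public address 203.0.113.10, the LAN 192.168.1.0/24 with the host at 192.168.1.5, the port range 50000-50100 and the sample replies are all constructed for the example; the file path /etc/ftpd/ftpaccess for Solaris 10 is assumed here as well.

```python
import ipaddress
import re

# Constructed assumptions for the example (not from the original post):
# the router's public address, the LAN behind it, the ftpd host's LAN
# address, and the TCP range the router forwards to that host.
EXTERNAL_IP = "203.0.113.10"
LAN_IP = "192.168.1.5"
LAN_CIDR = "192.168.1.0/24"
PORT_MIN = 50000
PORT_MAX = 50100

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)", port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def ftpaccess_passive_stanza(external_ip=EXTERNAL_IP, lan_ip=LAN_IP,
                             lan_cidr=LAN_CIDR, pmin=PORT_MIN, pmax=PORT_MAX):
    """Return the lines to append to ftpaccess (assumed: /etc/ftpd/ftpaccess).

    LAN clients are told the private address, everyone else the public
    one, following the order used in the ftpaccess(4) example above
    (specific network first, 0.0.0.0/0 catch-all last).  The port range
    must match the range forwarded on the router.
    """
    return "\n".join([
        f"passive address {lan_ip} {lan_cidr}",
        f"passive address {external_ip} 0.0.0.0/0",
        f"passive ports 0.0.0.0/0 {pmin} {pmax}",
        "",
    ])


def parse_pasv(reply):
    """Parse a 227 reply into (ip, port); raise ValueError if malformed."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    if any(v > 255 for v in (h1, h2, h3, h4, p1, p2)):
        raise ValueError(f"octet out of range in PASV reply: {reply!r}")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def check_pasv(reply, client_ip, external_ip=EXTERNAL_IP, lan_ip=LAN_IP,
               lan_cidr=LAN_CIDR, pmin=PORT_MIN, pmax=PORT_MAX):
    """Compare a PASV reply with what the stanza should make ftpd tell a
    client at client_ip.  Returns a list of problems; empty means OK."""
    ip, port = parse_pasv(reply)
    on_lan = ipaddress.ip_address(client_ip) in ipaddress.ip_network(lan_cidr)
    expected_ip = lan_ip if on_lan else external_ip
    problems = []
    if ip != expected_ip:
        problems.append(
            f"advertised {ip}, expected {expected_ip} for client {client_ip}")
    if not pmin <= port <= pmax:
        problems.append(f"port {port} outside forwarded range {pmin}-{pmax}")
    return problems


if __name__ == "__main__":
    print(ftpaccess_passive_stanza())
    # Constructed reply, as an outside client at 198.51.100.7 should see it:
    sample = "227 Entering Passive Mode (203,0,113,10,195,80)"
    print(parse_pasv(sample), check_pasv(sample, "198.51.100.7") or "OK")
```

To use the checker for real, open a control connection from outside the router (e.g. with a plain ftp client in debug mode), log in, issue PASV, and paste the 227 line into check_pasv with your client's public address; a wrong address means the passive address line is missing or the cidr does not match, a port outside the range means the passive ports line is not in effect. Note that the address in a 227 reply is data the server chose, not something the client verified; a client that blindly connects to whatever host the reply names is exposed to PASV hijacking, which is why many modern clients ignore that address and reuse the control connection's peer address instead.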