FTP, Win-NT, and xFTP

[Alexander Dalloz]

Am Mo, den 29.12.2003 schrieb Krikket um 06:38:
> On Tue, 30 Dec 2003, Sturla Holm Hansen wrote:
> 
> > Sounds like a firewall-problem to me, I had the same when setting up
> > iptables for the first time, the sollution for me was to open for
> > outgoing connections on ports above 1024 and incoming
> > RELATED/ESTABLISHED on the same ports.
> > The problem is that the ftp-server doesn't communicate on the designated
> > ftp port, it just sets up the session there and then tells your client
> > what port to connect to.
> > Don't know if this solves it for you, but that was the sollution when I
> > had the exact same problem.
> 
> Does that mean that some FTP clients are smarter than others, and can work
> around the firewall?

No, a firewall which earns her name has always the control over all
connections. Using FTP you can't bypass.

> Hrm.  When I get home, I'll have to poke around with it.  While I can work
> the firewall via lynx, it's a bit kludgy, and I'm not sure what I'm
> doing...  Better to play it safe...

FTP works different than many other protocols as you have 2 port-port
connections: one control connection and one data connection. Depending
on the mode - active or passive mode - there are different ports needed
and the negociation is handled different. For an lucent explaination
see:

http://slacksite.com/other/ftp.html

Again, I would recommend you set you FTP client into active mode.
Clients handle this different by default.

> Krikket

Alexander


-- 
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416  14CD E197 6E88 ED69 5653
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20031229/95098f1b/attachment-0001.sig>