From owner-freebsd-stable Tue Aug 28 20:42:33 2001
Delivered-To: freebsd-stable@freebsd.org
Received: from grumpy.dyndns.org (user-24-214-57-209.knology.net [24.214.57.209]) by hub.freebsd.org (Postfix) with ESMTP id 54A7337B408 for ; Tue, 28 Aug 2001 20:42:29 -0700 (PDT) (envelope-from dkelly@grumpy.dyndns.org)
Received: from localhost (localhost [127.0.0.1]) by grumpy.dyndns.org (8.11.3/8.11.4) with ESMTP id f7T3gMw72703; Tue, 28 Aug 2001 22:42:22 -0500 (CDT) (envelope-from dkelly@grumpy.dyndns.org)
Message-Id: <200108290342.f7T3gMw72703@grumpy.dyndns.org>
X-Mailer: exmh version 2.5 07/13/2001 with nmh-1.0.4
To: Jamie Norwood
Cc: freebsd-stable@FreeBSD.ORG
Subject: Re: FTP question
In-Reply-To: Message from Jamie Norwood of "Tue, 28 Aug 2001 10:35:23 EDT." <20010828103523.A97777@mushhaven.net>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 28 Aug 2001 22:42:22 -0500
From: David Kelly
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.ORG

Jamie Norwood writes:
> I have a machine that is behind a firewall. Port 21 is open for FTP,
> with the intent of using passive mode. However, nothing seems to work.
> I need to know what I need to do to let this work, since we are trying
> not to open up full telnet.

Aw heck, my other reply got out too soon.

I presume you have some control over the firewall? But I don't understand, "we are trying not to open up to full telnet." Incoming or outgoing? Same question for ftp, which side of the firewall is the client and which side is the server?

To understand where the link failure is occurring you need to compare the firewall log with the attempt. Then you'll know what rule is blocking.

In non-passive mode the ftp server is told (via the port 21 connection) what port the client is listening on. Then the server connects from its port 20 to the specified port for the transfer. A directory listing is a file transfer.

In passive mode the server tells the client (via the port 21 connection) which port the server has opened and is listening on to conduct the data transfer. Then the client opens that link.

For clients behind a firewall one either has to allow all outgoing connections, or have a firewall smart enough to monitor the port 21 communications and open specifically for those transactions. /sbin/natd with the punch_fw option works for most ftp clients for me in non-passive mode.

-- 
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its capacity
-- the rest is overhead for the operating system.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
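The control-channel exchange described in the message above, as an added example that is not part of the original mail and not FreeBSD's natd code: a Python script that walks a constructed FTP control-channel transcript, decodes the h1,h2,h3,h4,p1,p2 tuples carried by the client's PORT command (non-passive mode) and the server's 227 reply (passive mode), and lists the data connection a firewall would have to permit for each transfer. That is the part of the port 21 conversation a "smart enough" firewall, or natd's punch_fw, has to watch. It also flags an announced listener address that differs from the address seen on the control connection, which is what a client behind NAT produces when it puts its private address into PORT. The transcript, the addresses and all function names are constructed for this example.

```python
import re

# Constructed sample control-channel transcript (not from the original mail).
# "C" lines are sent by the client, "S" lines are replies from the server.
SAMPLE_TRANSCRIPT = [
    ("C", "USER anonymous"),
    ("S", "331 Guest login ok, send your email address as password."),
    ("C", "PASS jamie@example.test"),
    ("S", "230 Guest login ok, access restrictions apply."),
    ("C", "PORT 192,168,1,20,4,1"),               # non-passive: client listens on 192.168.1.20:1025
    ("S", "200 PORT command successful."),
    ("C", "LIST"),                                 # a directory listing is a data transfer too
    ("S", "150 Opening ASCII mode data connection for '/bin/ls'."),
    ("S", "226 Transfer complete."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (203,0,113,5,195,80)"),  # passive: server listens on 203.0.113.5:50000
    ("C", "RETR README"),
    ("S", "150 Opening BINARY mode data connection for 'README' (1234 bytes)."),
    ("S", "226 Transfer complete."),
]

# h1,h2,h3,h4 is the IPv4 address, p1,p2 the port as p1*256 + p2 (RFC 959 encoding).
HOST_PORT_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_host_port(text):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and by the 227 reply.
    Returns (ip, port), or None if the line carries no valid tuple."""
    m = HOST_PORT_RE.search(text)
    if m is None:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None
    ip = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]
    return ip, port


def data_connections(transcript, client_ip, server_ip):
    """Walk the control channel and list the data connections a stateful
    firewall would have to open, one per transfer, as tuples of
    (mode, src_ip, src_port, dst_ip, dst_port).  src_port None means
    an ephemeral port chosen by the connecting side."""
    pinholes = []
    for side, line in transcript:
        verb = line.split(" ", 1)[0].upper()
        if side == "C" and verb == "PORT":
            hp = decode_host_port(line)
            if hp is None:
                continue
            listen_ip, listen_port = hp
            # Non-passive mode: the server connects back from its port 20
            # to the port the client said it is listening on.
            pinholes.append(("active", server_ip, 20, listen_ip, listen_port))
        elif side == "S" and line.startswith("227"):
            hp = decode_host_port(line)
            if hp is None:
                continue
            listen_ip, listen_port = hp
            # Passive mode: the client opens the connection from an ephemeral
            # port to the port the server has opened for this transfer.
            pinholes.append(("passive", client_ip, None, listen_ip, listen_port))
    return pinholes


def address_mismatches(pinholes, client_ip, server_ip):
    """Report announced listener addresses that differ from the peer address
    seen on the control connection.  A client behind NAT that places its
    private address in PORT produces exactly this: the server then connects
    back to an address that is unreachable from its side of the firewall."""
    problems = []
    for mode, _src_ip, _src_port, dst_ip, dst_port in pinholes:
        expected = client_ip if mode == "active" else server_ip
        if dst_ip != expected:
            problems.append(
                f"{mode}: announced {dst_ip}:{dst_port} but control connection peer is {expected}"
            )
    return problems


if __name__ == "__main__":
    client, server = "192.168.1.20", "203.0.113.5"
    for hole in data_connections(SAMPLE_TRANSCRIPT, client, server):
        print(hole)
    # Same transcript as seen by a firewall whose outside address is 198.51.100.7:
    # the PORT address no longer matches the control connection's peer.
    for msg in address_mismatches(data_connections(SAMPLE_TRANSCRIPT, "198.51.100.7", server), "198.51.100.7", server):
        print("MISMATCH", msg)
```

Run it against a real session by replacing SAMPLE_TRANSCRIPT with the lines captured from the control connection; the (mode, src, dst) tuples it prints are the rules the firewall log has to show as passed rather than blocked, and a MISMATCH line on the non-passive side is the symptom that natd's punch_fw (or a stateful FTP helper) is there to cure.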