why passive mode? - I FOUND THE ANSWER MYSELF

Bruno Negrão
Fri, 11 Jan 2002 10:39:28 -0200



I found this in altavista:

>
> What's FTP Passive mode? Where can I find any resources on the
> web?

Basically, FTP works as follows:


1) client connects to server, port 21 (ftp).
2) client sends commands like USER and PASS to login and other things.
3) When client wants to transfer data (for instance, doing an ls or
getting/putting a file) it does this in one of two ways:


Active:
The client sends the server an IP address and port to connect to.
The IP address is presumably its own, and the port is a random one that
the client has grabbed. So, using active mode, all data connections are
done in reverse... the server connects to the client. This causes
problems for firewalls, understandably.

Passive:
The client requests that the server specify an IP address and a
port to connect to, just as the client would in active mode. This means
that data connections are made in the same direction as the original
control connection, and so they present far fewer firewall problems.


As for where to find info on the web, you can look at the official
documentation:
ftp://nic.merit.edu/documents/rfc/rfc0959.txt
Or you can search yourself.


  ----- Original Message -----
  From: Bruno Negrão
  To: netfilter@lists.samba.org
  Sent: Friday, January 11, 2002 10:32 AM
  Subject: ftp: why passive mode?


  Hi all,

  I found my ftp clients behind my linux firewall (making SNAT) can only make successful ftp transfers if they're using ftp clients in passive mode.
  Could someone tell me what the reason for this is?
  Wouldn't the ip_conntrack_ftp module work to get the normal ftp connections functional?

  Thank you.
  -------------------------------------------------
   -- Bruno Negrão -- Suporte
   -- Plugway Acesso Internet Ltda.
   -- (31)34812311
   -- bnegrao@plugway.com.br
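The active/passive explanation quoted above, as an added worked example that is not part of the original message and not netfilter code. It models the two control-channel exchanges from RFC 959: the client's PORT command (active) and the server's 227 reply (passive), both of which carry an address and port in the "h1,h2,h3,h4,p1,p2" form. It also shows why active mode fails behind SNAT: the PORT command embeds the client's own RFC 1918 address, which the server cannot reach unless the gateway rewrites it. On a 2.4 netfilter box that rewrite is done by ip_nat_ftp working with ip_conntrack_ftp; the `nat_rewrite_port` function here is a simplified stand-in for that rewrite, not the kernel's code. All addresses, ports and reply lines are constructed, and no sockets are opened.

```python
"""Model of FTP data-connection setup (RFC 959 PORT / PASV) and of why
active mode breaks behind source NAT without an FTP protocol helper.
Constructed example: addresses, ports and reply lines are made up and
no network I/O takes place."""
import ipaddress
import re

SIX_NUMS = r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def encode_hostport(ip, port):
    """RFC 959 'h1,h2,h3,h4,p1,p2' form shared by PORT and the 227 reply."""
    if not 0 < port < 65536:
        raise ValueError(f"bad port {port}")
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])


def decode_hostport(groups):
    """Inverse of encode_hostport; rejects octets or port bytes over 255."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        raise ValueError(f"value out of range in {groups}")
    return ".".join(str(n) for n in nums[:4]), (nums[4] << 8) | nums[5]


def build_port_command(ip, port):
    """Active mode: the client announces its own listening address."""
    return "PORT " + encode_hostport(ip, port)


def parse_port_command(line):
    m = re.fullmatch(r"PORT " + SIX_NUMS, line.strip())
    if m is None:
        raise ValueError(f"not a PORT command: {line!r}")
    return decode_hostport(m.groups())


def parse_pasv_reply(line):
    """Passive mode: the server's '227 Entering Passive Mode (h1,...,p2)'."""
    m = re.match(r"227 .*\(" + SIX_NUMS + r"\)", line.strip())
    if m is None:
        raise ValueError(f"not a 227 reply: {line!r}")
    return decode_hostport(m.groups())


def is_rfc1918(ip):
    addr = ipaddress.IPv4Address(ip)
    return any(addr in net for net in RFC1918)


def nat_rewrite_port(line, public_ip, mapped_port):
    """Simplified stand-in (assumption, not kernel code) for what an FTP
    NAT helper does to a PORT command leaving the gateway: replace the
    client's private address/port with the gateway's public address and
    a port the gateway will forward back to the client."""
    parse_port_command(line)  # refuse to rewrite anything that is not a valid PORT
    return build_port_command(public_ip, mapped_port)


def active_exchange(client_ip, client_port, nat=None):
    """Control-channel view of an active-mode setup. `nat` is an optional
    (public_ip, mapped_port) pair modelling a NAT FTP helper on the path."""
    sent = build_port_command(client_ip, client_port)
    on_wire = nat_rewrite_port(sent, *nat) if nat else sent
    target = parse_port_command(on_wire)
    return {
        "client_sent": sent,
        "server_saw": on_wire,
        "server_connects_to": target,          # server opens the data connection
        "routable": not is_rfc1918(target[0]),  # False -> transfer hangs
    }


def passive_exchange(server_reply):
    """Control-channel view of a passive-mode setup: the client connects,
    in the same direction as the control connection."""
    return {"client_connects_to": parse_pasv_reply(server_reply)}


if __name__ == "__main__":
    # Constructed scenario: client 192.168.1.10 behind SNAT gateway 198.51.100.7.
    print(active_exchange("192.168.1.10", 49152))
    print(active_exchange("192.168.1.10", 49152, nat=("198.51.100.7", 40001)))
    print(passive_exchange("227 Entering Passive Mode (203,0,113,5,19,136)."))
```

Running the scenario at the bottom shows the difference directly: without the helper the server is told to connect to 192.168.1.10, an address it cannot route to, so the data connection never arrives; with the helper the server sees the gateway's public address instead. In passive mode the problem never arises because the client initiates the data connection and plain SNAT handles it like any other outbound TCP session.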
