LISTSERV - HP3000-L Archives

HP3000-L Archives

August 2006, Week 4

HP3000-L@RAVEN.UTC.EDU

	LISTSERV Archives
	HP3000-L Home
	HP3000-L August 2006, Week 4

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	PASSIVE FTP and Firewall
From:	James Hofmeister <[log in to unmask]>
Reply To:	James Hofmeister <[log in to unmask]>
Date:	Thu, 24 Aug 2006 18:56:42 -0400
Content-Type:	text/plain
Parts/Attachments:	text/plain (67 lines)

Hello Greg, all,

my notes on passive:

ftp> debug
Debugging on (debug=1).  (FTPINFO 24)

The default operation (not passive) is for the FTP Client to send a
"port" message to the FTP Server specifying where the client will be
listening for a inbound data connection to be opened from/by the server.
In this port message the first 4 octets are the IP address and the next
2 octets are combined to specify the port number.

ftp> put x
---> PORT 16,113,9,92,172,218  <IP address 16.113.9.92 TCP port 44250>
200 PORT command successful.
---> STOR x
150 Opening ASCII mode data connection for x.
226 Transfer complete.
1155380 bytes sent in 1.64 seconds (688.83 Kbytes/sec), 0.247 FTP CPU
seconds
ftp>

The passive operation is for the FTP Client to send a "pasv" message to the
FTP Server specifying that the server will make the decision of the TCP port
number that the client will be listening on for a inbound data connection to
be opened from/by the server.

ftp> put x
---> PASV
227 Entering Passive Mode (16,89,16,131,242,103)
---> STOR x                   <IP address 16.89.16.131 TCP port 62055>
150 Opening ASCII mode data connection for x.
226 Transfer complete.
1155380 bytes sent in 2.64 seconds (426.90 Kbytes/sec), 0.246 FTP CPU
seconds

----------

It is the PASV command that can be intercepted by a firewall.  The firewall
would send a "227 reply" to the FTP Client with the IP address of the FTP
Server (or it's own) and the TCP port number that it has open ~and~ then it
would form and send a "PORT" command to the local FTP Server specifying the
IP address of the FTP Client and the TCP port number it has open.

Note: The operation of a "firewall" could be specific to the implementation
so this may vary from what I documented in some ways.

note2 : In the MPE FTP banner for both the FTP client and FTP server, the
"PASSIVE SUPPORT" or "PASV SUPPORT" text only indicates that the FTP code
supports the "passive" functionality, not that you currently are in
"passive" mode.

I hope this helps.

The warranty and liability expired as you read this message.  If the above
breaks your system, it's yours and you keep both pieces.

Regards,
James Hofmeister
Email: <first>.<last>@hp.com
Hewlett Packard - Global Solutions Engineering (WTEC)
P.S. My Ideals are my own, not necessarily my employers.

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *

ATOM RSS1 RSS2

RAVEN.UTC.EDU