HP3000-L Archives

February 2003, Week 2

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Jerry Leslie <[log in to unmask]>
Reply To: Jerry Leslie <[log in to unmask]>
Date: Wed, 12 Feb 2003 09:01:42 -0600
 Eric Sand - STL ([log in to unmask]) wrote:
: Hi Folks,
:     I have a question about FTP and its use with a Linksys router that
: connects my home network with my ISP. I have discovered that FTP no longer
: is functional on my home network, for the 918LX and my two MS2000 desktops.
: In the "port forwarding" Linksys screen I have port 21 coming in directed to
: the 918LX, but as far as I can tell I have no restrictions on FTPing out.
: When I attempt to connect to an FTP address from the MS2000 systems I am
: prompted for the username and password on the target FTP server and I am
: informed I have signed on, but there is no other response forthcoming such
: as  the results of a "dir" or "ls", and I am then disconnected. An outgoing
: FTP server connection request on the 918LX returns with "Cannot connect to
: host".
:
:     What am I missing? I know this was working a short time ago, or so I
: thought.
:

Can you set the FTP client to passive mode (PASV)?

     http://www.practicallynetworked.com/support/pasvexplain.htm
     What is PASV mode?

    "This explanation is courtesy of Ted Ede.

     In active mode you talk to the FTP server, and ask for a file.
     Over that connection, the server says to you, "Okay, I'm going to
     send you a file, and I'm going to send it to you over a new connection
     to Port X on your machine".  X is from 1024 to 65535.  Your client
     replies, "go for it".

     Now the FTP server tries to open that port, but speaking on a port
     that the NAT gateway would not be expecting a request on.  So, all
     of a sudden your NAT gateway receives a request on Port X, and it
     does not know which machine on your net that the packet was
     intended for, so it denies the request, and you don't get your
     file.

     On Linux, ip_masq_ftp, a kernel module, can be loaded to fix this.
     Instead of blindly NATing away, it eavesdrops on the FTP
     protocol, and it knows in active mode that the server will reply to
     the client over the control connection with a port number which is
     contained in the *data* of the packet.  When a reply comes in on
     this port,  the ip_masq_ftp module tells the NAT code to route it
     to the correct client behind the gateway.  You still need to open
     the firewall to all incoming ports, but only if the source port is
     the FTP data port.

     In PASV (passive) mode, port 21 is always initiated by the client
     for control and port 20 is always initiated by the client to
     receive data.  This makes it NATable.  Most FTP clients are set to
     Active mode by default and must be told to switch to PASV mode.
     It's kind of a misnomer to say the client is passive.   Basically,
     it instructs the server to be passive, telling it, "Hey FTP server,
     don't get active on me!  When I want the file, I'll open a
     connection to you and get it."

     So, you may be saying, why did they bother with this active baloney
     at all?  Like everything invented in Unix, there's more to it than
     meets the eye. Two properly implemented FTP servers can be made to
     work together from a third machine.  Using the FTP control port
     from machine A, you can tell the FTP server on machine B to
     download the contents of a directory on machine C.  This is
     basically how FTP mirror sites get updated."

Also, what is the version of the Linksys firmware? The release notes
for 1.43, Sep 4, 02, state:

     "Changed FTP client connection for stability."


--Jerry Leslie   (my opinions are strictly my own)
  Note: [log in to unmask] is invalid for email

* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
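
An added example, not part of the original post or the quoted explanation: what an FTP-aware NAT helper such as the ip_masq_ftp module mentioned above has to do with the control channel, namely read the address and port carried in the data of the packet and rewrite it. The host-port encoding (h1,h2,h3,h4,p1,p2 with port = p1*256 + p2, sent by the client in PORT and by the server in a 227 reply) is from RFC 959; the function names, addresses and ports are constructed for illustration.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 where port = p1*256 + p2.
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None
    m = HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def encode_port(ip, port):
    """Build a PORT command announcing ip:port."""
    return "PORT {},{},{}\r\n".format(ip.replace(".", ","), port >> 8, port & 0xFF)

def nat_rewrite(line, client_ip, public_ip, public_port, table):
    """Handle one control-channel line sent by an inside client.

    Non-PORT lines pass through. A PORT naming the client itself is rewritten
    to the gateway's public address and recorded in `table` so the server's
    inbound data connection can be forwarded. A PORT naming any other host is
    dropped (returns None); that strictness is a design choice of this example.
    """
    if not line.strip().upper().startswith("PORT "):
        return line
    parsed = parse_hostport(line)
    if parsed is None or parsed[0] != client_ip:
        return None
    table[public_port] = parsed
    return encode_port(public_ip, public_port)

if __name__ == "__main__":
    # Constructed session: client 192.168.1.100 behind gateway 203.0.113.7.
    table = {}
    for sent in ["USER anonymous\r\n", "PORT 192,168,1,100,4,1\r\n",
                 "PORT 10,0,0,5,4,1\r\n"]:
        print(repr(sent), "->", repr(nat_rewrite(sent, "192.168.1.100",
                                                 "203.0.113.7", 40000, table)))
    print("forwarding table:", table)
    print(parse_hostport("227 Entering Passive Mode (198,51,100,20,195,80)"))
```

For a client behind the gateway, a 227 reply needs no rewriting: the client opens the data connection outbound to the address and port the server announced, so ordinary NAT handles it.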
