Eric Sand - STL ([log in to unmask]) wrote:
: Hi Folks,
: I have a question about FTP and its use with a Linksys router that
: connects my home network with my ISP. I have discovered that FTP no longer
: is functional on my home network, for the 918LX and my two MS2000 desktops.
: In the "port forwarding" Linksys screen I have port 21 coming in directed to
: the 918LX, but as far as I can tell I have no restrictions on FTPing out.
: When I attempt to connect to an FTP address from the MS2000 systems I am
: prompted for the username and password on the target FTP server and I am
: informed I have signed on, but there is no other response forthcoming such
: as the results of a "dir" or "ls", and I am then disconnected. An outgoing
: FTP server connection request on the 918LX returns with "Cannot connect to
: host".
:
: What am I missing? I know this was working a short time ago, or so I
: thought.
:
Can you set the FTP client to passive mode (PASV)?

http://www.practicallynetworked.com/support/pasvexplain.htm
What is PASV mode?

"This explanation is courtesy of Ted Ede.

In active mode you talk to the FTP server, and ask for a file.
Over that connection, the server says to you, "Okay, I'm going to
send you a file, and I'm going to send it to you over a new connection
to Port X on your machine". X is from 1024 to 65535. Your client
replies, "go for it".

Now the FTP server tries to open that port, but speaking on a port
that the NAT gateway would not be expecting a request on. So, all
of a sudden your NAT gateway receives a request on Port X, and it
does not know which machine on your net that the packet was
intended for, so it denies the request, and you don't get your
file.

On Linux, ip_masq_ftp, a kernel module, can be loaded to fix this.
Instead of blindly NATing away, it eavesdrops on the FTP
protocol, and it knows in active mode that the server will reply to
the client over the control connection with a port number which is
contained in the *data* of the packet. When a reply comes in on
this port, the ip_masq_ftp module tells the NAT code to route it
to the correct client behind the gateway. You still need to open
the firewall to all incoming ports, but only if the source port is
the FTP data port.

In PASV (passive) mode, port 21 is always initiated by the client
for control and port 20 is always initiated by the client to
receive data. This makes it NATable. Most FTP clients are set to
Active mode by default and must be told to switch to PASV mode.

It's kind of a misnomer to say the client is passive. Basically,
it instructs the server to be passive, telling it, "Hey FTP server,
don't get active on me! When I want the file, I'll open a
connection to you and get it."

So, you may be saying, why did they bother with this active baloney
at all? Like everything invented in Unix, there's more to it than
meets the eye. Two properly implemented FTP servers can be made to
work together from a third machine. Using the FTP control port
from machine A, you can tell the FTP server on machine B to
download the contents of a directory on machine C. This is
basically how FTP mirror sites get updated."

Also, what is the version of the Linksys firmware? The release notes
for 1.43, Sep 4,02, state:

"Changed FTP client connection for stability."

--Jerry Leslie (my opinions are strictly my own)
Note: [log in to unmask] is invalid for email
* To join/leave the list, search archives, change list settings, *
* etc., please visit http://raven.utc.edu/archives/hp3000-l.html *
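
Added example, not part of the original message and not the ip_masq_ftp code: a toy Python model of what an FTP-aware NAT helper does with an active-mode PORT command (RFC 959) seen on the control connection. The class and function names and all addresses are constructed for illustration, and the rule that PORT must name the sending client is an assumption about a careful helper.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" -> address h1.h2.h3.h4, port p1*256 + p2
PORT_RE = re.compile(r"^PORT " + ",".join([r"(\d{1,3})"] * 6) + r"\r?\n?$")

def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def format_port(ip, port):
    """Build the PORT command announcing ip:port."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)

class FtpNatHelper:
    """Hypothetical FTP-aware NAT gateway (illustration only)."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.expect = {}  # public port -> (inside ip, inside port)

    def outbound_control(self, inside_ip, line):
        """Inspect one control-channel line sent by an inside client."""
        parsed = parse_port(line)
        if parsed is None:
            return line  # not a PORT command: forward unchanged
        ip, port = parsed
        # Assumed policy: only open a mapping back to the sender itself,
        # and never to a privileged port; otherwise drop the command.
        if ip != inside_ip or port < 1024:
            return None
        public_port = self.next_port
        self.next_port += 1
        self.expect[public_port] = (inside_ip, port)
        # The server must be told the gateway's address, not the private one.
        return format_port(self.public_ip, public_port)

    def inbound_data(self, public_port):
        """Destination for an incoming data connection; None means refused.
        The mapping is single-use, so it is removed once matched."""
        return self.expect.pop(public_port, None)
```

Without the rewrite step the server is handed a private address it cannot reach, and without the `expect` entry the gateway has no destination for the incoming data connection, which is the failure the quoted explanation describes.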