[SLE] Re: solved [SLE] setting up ftp server under Suse 10.1?



On Saturday 26 August 2006 10:49, stephan beal wrote:

Problem solved: someone pointed out to me that tftp is not ftp. After
installing vsftpd it more or less works. (I can connect but can't
upload/download. It appears to be a firewall problem, but I'm waiting
on the local admin to disable the firewall so I can test.)

**************************************************************************************
The firewall needs to be specifically configured for FTP; on the Cisco PIX
enter fixup protocol ftp 21 (this is enabled by default).
Alternatively, use passive mode FTP, which negates the need for firewall
reconfiguration.
Standard FTP commands run over port 21, file xfers use port 20; this is why
the connection works, but data xfer does not.
== Here's the tech scoop from Cisco ==
Standard mode FTP (also called classic mode FTP) uses two channels for
communication. When a client behind a firewall initiates an FTP connection
from their host, it opens a standard TCP channel from one of its high-order
ports (TCP source port >1023) to destination TCP port 21 on the outside
server. This connection is referred to as the control channel. When the
client requests data from the server, it tells the server to send the data to
a given high-order port. The server acknowledges the request and initiates an
inbound connection from its own port 20 to the high-order port that the
client requested. This connection is referred to as the data channel (port 20
FTP-DATA).
In the past, it was difficult to allow this inbound connection through the
firewall to the requested port on the client without permanently opening port
20 connections from outside servers to inside clients for outbound FTP
connections. This creates a huge potential vulnerability by allowing any
inbound traffic from any host on the Internet with a TCP source port of 20,
regardless of the intent!
Passive mode FTP also uses two channels for communications. The control
channel works the same as in a standard FTP connection, but the data channel
setup works differently. When requesting data from the server, the client
asks the server if it accepts PASV connections. If the server accepts PASV
connections, it sends the client a high-order port number to use for the data
channel. The client then initiates the data connection from its own
high-order port to the port that the server sent.
Because the client initiates both the command and data connections, early
firewalls could easily support this without exposing inside clients to
attack.

--
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@xxxxxxxx
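The active-versus-passive behaviour described in the reply above, as an added example that is not part of the original thread: it decodes the h1,h2,h3,h4,p1,p2 address tuple that both the PORT command and the 227 PASV reply carry, builds the resulting data channel, and runs it through a model of a stateful firewall that has no FTP fixup and only passes flows leaving the inside network. The client address, the 10.0.0.0/8 inside network, the server address and the port numbers are constructed for the example.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed topology: the FTP client sits inside 10.0.0.0/8 behind a firewall
# that permits inside-to-outside TCP connections and drops unsolicited inbound ones.
INSIDE_NET = ip_network("10.0.0.0/8")

_ADDR_TUPLE = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

@dataclass
class DataChannel:
    initiator: str   # "server" (active/PORT) or "client" (passive/PASV)
    src_port: int
    dst_ip: str
    dst_port: int

def parse_addr(text: str):
    """Decode the h1,h2,h3,h4,p1,p2 tuple used by PORT and the 227 PASV reply."""
    m = _ADDR_TUPLE.search(text)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in %r" % text)
    h1, h2, h3, h4, p1, p2 = map(int, m.groups())
    if max(h1, h2, h3, h4, p1, p2) > 255:
        raise ValueError("field out of range in %r" % text)
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def active_data_channel(port_cmd: str) -> DataChannel:
    """Client sent 'PORT ...': the server dials in from its own port 20."""
    ip, port = parse_addr(port_cmd)
    if port <= 1023:
        raise ValueError("client must offer a high-order port (>1023)")
    return DataChannel("server", 20, ip, port)

def passive_data_channel(pasv_reply: str, client_port: int) -> DataChannel:
    """Server answered '227 ...': the client dials out to the advertised port."""
    ip, port = parse_addr(pasv_reply)
    return DataChannel("client", client_port, ip, port)

def firewall_allows(ch: DataChannel) -> bool:
    """No 'fixup protocol ftp': only flows that leave the inside network pass."""
    return ip_address(ch.dst_ip) not in INSIDE_NET

if __name__ == "__main__":
    active = active_data_channel("PORT 10,0,0,5,4,1")  # client offers port 1025
    passive = passive_data_channel(
        "227 Entering Passive Mode (203,0,113,7,195,89)", 40000)  # server port 50009
    print("active  data channel passes firewall:", firewall_allows(active))   # False
    print("passive data channel passes firewall:", firewall_allows(passive))  # True
```

With the control channel on port 21 allowed in both cases, the model reproduces the symptom in the thread: login succeeds, but the active-mode data connection from port 20 never reaches the client.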


