active ftp through firewall

I am trying to send a PORT command to an FTP server from the firewall
machine. I am sending the public IP address to the FTP server. It looks
like the PORT command is successful because I get status = 200 for it.
But after that the FTP server is unable to initiate a data connection to that

I am able to make a data connection using a passive connection to this FTP
server but not able to make an active connection.

Re: active ftp through firewall

Your firewall is not smart enough to handle "normal" ftp. Replace fw
or continue using passive ftp.

Peter Håkanson        
        IPSec  Sverige      ( At Gothenburg Riverside )
           Sorry about my e-mail address, but i'm trying to keep spam out,
       remove "icke-reklam" if you feel for mailing me. Thanx.

Re: active ftp through firewall (Pamela) wrote in

Here's what's going on:

When you send the PORT command, the server tries to connect
to your computer (as if you were running a server) on that
PORT.  However, your firewall is blocking the connection from
the FTP server.

FTP Server                                        Your system

21 Control <-----------Step 1-------------------- OUT to Server
           <-----------PORT xxxxx---------------- OUT to Server
20 DATA    -------------------------------------> Your system, port xxxx
                  Incoming connection blocked by Firewall

You must tell your firewall to allow the inbound connection.
However, in their infinite wisdom, the creators of FTP made
the active connection use a RANDOM port on your computer.
Some FTP clients (such as FileZilla) allow you to restrict
the ports that they use for the PORT command.

Re: active ftp through firewall

Firewalls are supposed to watch the traffic on the FTP command channel,
and notice when a PORT command goes through so that they can open up
that port for an inbound connection from the FTP server.

Barry Margolin,
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
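
The control-channel inspection described in the post above, as an added Python sketch that is not code from any poster or from a real firewall product. The class and function names, the policy checks, and the sample addresses are assumptions made for illustration; the PORT argument format (h1,h2,h3,h4,p1,p2 with port = p1*256 + p2) is the one defined in RFC 959.

```python
import re

# RFC 959 argument format: PORT h1,h2,h3,h4,p1,p2  where port = p1*256 + p2
PORT_RE = re.compile(
    r"PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})",
    re.IGNORECASE)

def parse_port(line):
    """Return (ip, port) announced by a PORT command, or None if not a valid PORT."""
    m = PORT_RE.fullmatch(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

class FtpControlWatcher:
    """State for one tracked control connection (client -> server port 21)."""

    def __init__(self, client_ip, server_ip):
        self.client_ip = client_ip
        self.server_ip = server_ip
        self.pinhole = None  # (src_ip, src_port, dst_ip, dst_port) or None

    def on_client_line(self, line):
        """Inspect one line sent by the client; open a pinhole on a valid PORT."""
        parsed = parse_port(line)
        if parsed is None:
            return False
        ip, port = parsed
        # Policy assumed for this sketch: only the control connection's own
        # address may be named, and never a privileged port.
        if ip != self.client_ip or port < 1024:
            return False
        self.pinhole = (self.server_ip, 20, ip, port)
        return True

    def allow_inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Permit exactly one inbound connection matching the announced tuple."""
        if self.pinhole == (src_ip, src_port, dst_ip, dst_port):
            self.pinhole = None  # one-shot: close after the data connection
            return True
        return False

# Constructed sample session (documentation addresses, not from the thread).
fw = FtpControlWatcher(client_ip="192.0.2.10", server_ip="198.51.100.5")
fw.on_client_line("USER anonymous\r\n")          # not a PORT command, ignored
fw.on_client_line("PORT 192,0,2,10,195,80\r\n")  # announces 192.0.2.10:50000
```

A firewall that does address translation would also have to rewrite the address inside the PORT argument, which this sketch does not attempt.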

Re: active ftp through firewall


And why do you suppose them to do so? A simple port blocking firewall
does no such thing. Some firewalls (``application level'' I have in my
head, but I might be wrong) can indeed do that, but it's by no means
standard for everything that might be called a firewall.

  j p d (at) d s b (dot) t u d e l f t (dot) n l .
