Re: Forward ftp request another server

From: Seth Arnold (sarnold@wirex.com)
Date: 07/13/02


Date: Fri, 12 Jul 2002 21:22:35 -0700
From: Seth Arnold <sarnold@wirex.com>
To: SB CH <chulmin2@hotmail.com>


On Fri, Jul 12, 2002 at 09:59:04AM +0000, SB CH wrote:
> I would like to forward ftp request to other server's other port to improve
> the security. Is it possible?

Quite possibly. You know there are two ports involved with ftp; what you
may not know is that there are two different methods of using the two
ports. One method is known as active, the other is known as passive.

In active mode, the client provides an ip/port pair for the server to
connect to. With more and more clients behind firewalls, or worse yet,
NAT boxes, clients are more typically unable to use active mode.

In passive mode, the server provides an ip/port for the client to
connect to. This normally works, since the ftp server has a real IP
address, and its firewall ruleset will allow connections to the port
range used for the data connections.

If you are going to use NAT to redirect ftp, then your clients will
either need to use active mode (not possible for many clients) or your
ftp will need to work very closely with the NAT firewall. The only
system that I know that can do this is ftp-proxy in OpenBSD. It is
closely tied to the firewall, so porting it to Linux might be a fair
bit of work.

-- 
http://www.wirex.com/
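
Added example (not part of the original message, and not code from ftp-proxy): a sketch of the control-channel rewriting a NAT-aware helper has to do for the active (PORT) and passive (227 reply) cases described above. The function names, sample addresses and the mapped public endpoint are assumptions; a real helper would also have to open the matching firewall/NAT mapping.

```python
import ipaddress
import re

# RFC 959 encodes a data endpoint as six decimal numbers: h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or 227 reply, else None."""
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def format_hostport(ip, port):
    """Encode ip/port back into the h1,h2,h3,h4,p1,p2 form."""
    return ",".join(str(ip).split(".") + [str(port >> 8), str(port & 0xFF)])

def rewrite_control_line(line, peer_ip, public_ip, public_port):
    """Rewrite one control-channel line as a NAT-aware helper must.

    peer_ip: real address of the line's sender on the control connection.
    public_ip/public_port: data endpoint the NAT device has mapped
    (assumed to be allocated by the caller).
    Returns (new_line_or_None, note).
    """
    is_port = line.upper().startswith("PORT ")
    is_pasv = line.startswith("227 ")
    if not (is_port or is_pasv):
        return line, "passthrough"
    endpoint = parse_hostport(line)
    if endpoint is None:
        return line, "malformed"
    ip, _port = endpoint
    # Refuse to map a data endpoint that names a host other than the sender.
    if ip != ipaddress.IPv4Address(peer_ip):
        return None, "rejected: endpoint %s is not the sender %s" % (ip, peer_ip)
    hp = format_hostport(public_ip, public_port)
    if is_port:
        return "PORT %s" % hp, "rewritten"
    return "227 Entering Passive Mode (%s)" % hp, "rewritten"
```

Without this rewrite, a server behind NAT hands the client its private address in the 227 reply, and the data connection never reaches it.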



