Re: Why do i need to use passive transfers?

From: Christian Altenbach (caltenba@ucla.edu.invalid)
Date: 12/18/01 

From: "Christian Altenbach" <caltenba@ucla.edu.invalid>
Date: Mon, 17 Dec 2001 18:07:02 -0800

"Rickard Maltesson" <rickard@it.rmgroup.se> wrote in message
news:9vk9t1$kqj$1@yggdrasil.utfors.se...
> Hi, i have a watchguard firewall and a ftp server, when i try toaccess the
> ftp server without passive transfers it will not connect, does anyone know
> why i need to use passive transfers and what to do about it.

(Bargepole was the only reasonable answer so far, Janus and Alan are
incorrect.)

However, it is not even clear what the question is. The answers above
assumed that the client is behind the firewall and the ftp server is on the
outside. However, if you say YOU have an ftp server, it could also be the
other way around.

FTP support across firewall varies, and some only support certain modes.
Often it also depends if the control connection uses port 21. If the
firewall monitors the control connection for the PORT command and responses
to the PASV command, it has enough information to open the correct secondary
ports on the fly. Many firewall have full support for active and passive
modes in both directions if the control connection is on port 21 (and a rule
allows port 21).

If it works with passive mode, you don't have a problem. Is there any reason
you want to insist on port mode? Use whatever works, there is no difference
in performance!

    Cheers
    C.

Relevant Pages

  • Re: Hacked? External address knocks on internal private address...
    ... The important part of your message is that FTP is allowed out... ... You open a connection to an FTP Server and logon. ... When you ask the server for a file the server issues a "PORT" command ... so it can open a port on the firewall to allow the incoming Data ...
    (comp.security.firewalls)
  • [NEWS] Multiple Firewalls Ruleset Bypass through FTP Revisited
    ... a new attack method affected most leading firewall ... connect to a restrictive port. ... resend control strings supplied by the attacker that a vulnerable firewall ... Connect to FTP server and log on ...
    (Securiteam)
  • Re: SP2 Windows firewall and FTP dilemma
    ... The firewall does not block all inbound traffic - it blocks unsolicited ... If it blocked all traffic your Internet Explorer (port 80) ... Since you are connecting to the FTP server, ... I have turned on Windows ...
    (microsoft.public.windowsxp.network_web)
  • Re: Why do i need to use passive transfers?
    ... >> Hi, i have a watchguard firewall and a ftp server, when i try toaccess ... >> why i need to use passive transfers and what to do about it. ... > Often it also depends if the control connection uses port 21. ...
    (comp.security.firewalls)
  • Re: Firefox
    ... Since I last tried, I have also added a router (with firewall), and a modem, that is also a router, with a firewall, which doesn't make it any easier. ... An FTP server, for me, is simply a minor convenience, that I don't really need anyway. ... You still need client-side support for passive transfers. ... Passive transfer eliminates the need to open additional ports and could help you squeak through a firewall, especially if you are using a non-standard port to begin with. ...
    (comp.os.os2.misc)