Re: Why does passive FTP work behind router/firewall?
From: Don Kelloway (dkelloway_at_commodon.com)
Date: 02/27/04
Date: Fri, 27 Feb 2004 07:06:26 GMT
"Georges Heinesch" <void@void.com> wrote in message
news:403250af_2@news.vo.lu...
> Hi.
>
> I have a question about an SMC router incl. firewall, NAT, ... (model:
> SMC2804WBR V.2).
>
> I use an FTP Server behind this router. Clients can access the server in
> passive mode and active mode.
>
> active mode: port 21 has to be forwarded. The router configuration was
> changed accordingly by myself and it works! So far, everything is normal.
>
> passive mode: here comes the interesting part. To make passive mode
> possible, the FTP server (1.) must know the global IP of the router and
> (2.) must have a defined port pool (must be set in the configuration of
> the FTP server). On top of this, the router has to be configured to
> forward this defined port pool to the computer where the FTP server is
> running.
>
> In my case, neither the router, nor the FTP server is configured in any
> respect. Hence, passive mode should _not_ work. However it does.
>
> How is that possible?
>
> TIA
>
> --
> Georges
After the external client establishes the inbound Control Channel (to
port 21) to the internal FTP server, the external client informs the
FTP server that it wants to use PASV FTP for its method.

When the FTP server receives the PASV command, it responds back to the
external client with the IP address of itself along with a port number
for the external client to connect to. When this information is passed
through the Firewall, the Firewall rewrites it and caches it.

When the external client receives the IP address and port information,
it will then establish the inbound Data Channel to the IP address and
port the Firewall has inserted. When the Firewall receives the inbound
request, it rewrites the information back and allows the connection into
the FTP server.
--
Best regards,
Don Kelloway
Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your Security on the Internet".
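
The rewrite-and-cache behaviour described in the reply above, modelled as an added example that is not part of the original post or taken from any router's firmware. The class and method names are hypothetical, the addresses are constructed, and binding the cached entry to the control-channel client with single use is an assumption of this sketch rather than documented behaviour of the SMC router.

```python
import re

# Matches the server's reply to PASV: 227 ... (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


class FtpAlg:
    """Toy model of the FTP helper in a NAT firewall (hypothetical names)."""

    def __init__(self, public_ip, first_port=50000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.pinholes = {}  # public port -> (client ip, server ip, server port)

    def rewrite_reply(self, line, client_ip):
        """Rewrite a 227 reply on its way out and cache the mapping."""
        m = PASV_RE.match(line)
        if not m:
            return line  # not a PASV reply: pass through untouched
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return line  # malformed address or port octets
        server_ip = ".".join(str(n) for n in nums[:4])
        server_port = nums[4] * 256 + nums[5]
        public_port = self.next_port
        self.next_port += 1
        self.pinholes[public_port] = (client_ip, server_ip, server_port)
        fields = self.public_ip.split(".") + [str(public_port // 256),
                                              str(public_port % 256)]
        return "227 Entering Passive Mode (%s)" % ",".join(fields)

    def inbound(self, src_ip, dst_port):
        """Return (server ip, port) for a data connection, or None to drop."""
        entry = self.pinholes.get(dst_port)
        if entry is None or entry[0] != src_ip:
            return None  # no cached mapping, or not the control-channel client
        del self.pinholes[dst_port]  # one data connection per PASV reply
        return entry[1:]


# Constructed sample: server 192.168.2.10 behind public address 203.0.113.5
alg = FtpAlg("203.0.113.5")
seen = alg.rewrite_reply("227 Entering Passive Mode (192,168,2,10,19,137)",
                         "198.51.100.7")
print(seen)                                   # what the external client receives
print(alg.inbound("198.51.100.7", 50000))     # where the firewall forwards it
```

Because the helper has to read the 227 reply in cleartext, this model also shows why the mechanism stops working when the control channel is encrypted.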