Re: Why does passive FTP work behind router/firewall?

From: Don Kelloway (dkelloway_at_commodon.com)
Date: 02/27/04 

Date: Fri, 27 Feb 2004 07:12:32 GMT

"Georges Heinesch" <void@void.com> wrote in message
news:403250af_2@news.vo.lu...
> Hi.
>
> I have a question about an SMC router incl. firewall, NAT, ... (model:
> SMC2804WBR V.2).
>
> I use an FTP Server behind this router. Clients can access the server
in
> passive mode and active mode.
>
> active mode: port 21 has to be forwarded. The router configuration was
> changed accordingly by myself and it works! So far, everything is
normal.
>
> passive mode: here comes the interesting part. To make passive mode
> possible, the FTP server (1.) must know the global IP of the router
and
> (2.) must have a defined port pool (must be set in the configuration
of
> the FTP server). On top of this, the router has to be configured to
> forward this defined port pool to the computer where the FTP server is
> running.
>
> I my case, neither the router, nor the FTP server is configured in any
> respect. Hence, passive mode should _not_ work. However it does.
>
> How is that possible?
>
> TIA
>
> --
> Georges

To offer an even better explanation. Please let me refer you to the
following article I wrote about six years ago. I think it may be of
some assistance in understanding the intricacies with PASV FTP and
firewalls. The article is entitled "The difference between PASV FTP and
Normal FTP" and is available from:

http://war.jgaa.com/ftp/?cmd=show_page&ID=ftp_pasv 

--
Best regards,
Don Kelloway
Commodon Communications
Visit http://www.commodon.com to learn about the "Threats to Your
Security on the Internet".

Relevant Pages

  • Re: The Problem with Passive Mode ftp server
    ... Since I am using a router to ... | | of the ftp server and use the port forwarding in my router. ... Are you definitely connecting to SERV-U in passive mode? ...
    (comp.os.linux.networking)
  • Re: The Problem with Passive Mode ftp server
    ... Since I am using a router to ... | | of the ftp server and use the port forwarding in my router. ... Are you definitely connecting to SERV-U in passive mode? ...
    (comp.os.linux.setup)
  • Why does passive FTP work behind router/firewall?
    ... I have a question about an SMC router incl. ... I use an FTP Server behind this router. ... The router configuration was ... passive mode: ...
    (comp.security.firewalls)
  • Re: Linksys BEFSR41 V.2 and ftp
    ... I have a Linksys BEFSR41 V.2 router and am having ... >>trouble connecting to my isp's ftp server to access my homepage files.I am using ... >>WS_FTP Pro ver. ... >Try if it works when you set the FTP Client to passive mode (check the ...
    (comp.security.firewalls)
  • Re: Why does passive FTP work behind router/firewall?
    ... > I use an FTP Server behind this router. ... port 21 has to be forwarded. ... > passive mode: ...
    (comp.security.firewalls)
Quantcast