Re: FTP tunneling with XP Firewall?

From: Magnus Persson (magnus.persson@timelox.com)
Date: 08/13/02


From: "Magnus Persson" <magnus.persson@timelox.com>
Date: Tue, 13 Aug 2002 08:43:05 +0200

Nope...that's not the case.

Sure you can open any port you like but if you want to use an FTP server
behind the ICF on a port different than the default 21 you need NAT proxy
code to tunnel the ports randomized by the FTP server. If you are not
familiar with how an FTP server works I will explain it very briefly.

The client connects to the FTP server on the specified port (21 if the
default port is used). A command socket is then established between the
client and the server. The client then asks the server for a 2nd socket used
to send the data on (i.e. the files) by sending the "PASV" command to the
server on the command socket. The server will then randomize a new port
number above 1024 and wait for the client to connect to that port. But
unless that port is opened in the ICF access will be denied.

Sure I can open all ports above 1024 but that's the ugly solution and not
what I want.

If you select the "FTP Server" service in the advanced ICF settings a client
can connect to the FTP server on port 21. The NAT proxy code in Windows XP
will then allow access on ANY port above 1024 from that client ONLY (as long
as the initial command socket is connected).

So...if someone knows how to change the port that triggers the NAT proxy
code please let me know.

Regards,

Magnus

"Bisirat" <bisirat@hotmail.com> wrote in message
news:uL59EejQCHA.1628@tkmsftngp10...
> You don't need to do any registry editing, just right click your internet
> connection Properties>>Advanced tab>>click on Settings...>>Services
> tab>>click Add..>> then add whatever port that you want open.
>
> "Magnus Persson" <magnus.persson@timelox.com> wrote in message
> news:#YtObKdQCHA.2752@tkmsftngp12...
> > When selecting "FTP Server" as a service in the advanced settings for the
> > WinXP firewall all traffic will be tunnelled through port 21. Some time ago
> > I asked how this port could be changed to a different port than 21 and
> > someone (think it was a Microsoft-tech) gave me the proper registry key to
> > create with the port to use. Unfortunately I lost that key so I don't know
> > how to change the port for the "FTP Server" service. Can someone please give
> > me the proper registry key to change the tunneling port used by the WinXP
> > firewall service "FTP Server"?
> >
> > /Magnus
> >
> >
>
>
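
Added example (not part of the original thread, and not Windows XP's own code): a toy model of an FTP-aware firewall helper, showing why passive-mode data connections work when the control channel is on the helper's trigger port and fail when the server is moved to another port. The FtpHelper class, the addresses and the 227 reply line are constructed for illustration; this model opens only the port announced in the server's RFC 959 "227" reply, which is an assumption and narrower than the any-port-above-1024 behaviour described in the message above.

```python
import re

# RFC 959 passive reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_REPLY = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv_reply(line):
    """Return (server_ip, data_port) from a 227 reply, or None if malformed."""
    m = PASV_REPLY.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The data port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpHelper:
    """Hypothetical firewall helper that watches the FTP control channel."""
    def __init__(self, trigger_port=21):
        self.trigger_port = trigger_port
        self.pinholes = {}  # client_ip -> set of data ports opened for it

    def server_reply(self, client_ip, control_port, line):
        # Only control connections on the trigger port are inspected at all.
        if control_port != self.trigger_port:
            return
        parsed = parse_pasv_reply(line)
        if parsed:
            self.pinholes.setdefault(client_ip, set()).add(parsed[1])

    def control_closed(self, client_ip):
        # Pinholes live only as long as the command socket is connected.
        self.pinholes.pop(client_ip, None)

    def allows(self, src_ip, dst_port):
        return dst_port in self.pinholes.get(src_ip, set())

def demo():
    reply = "227 Entering Passive Mode (192,168,0,10,19,137)"  # constructed
    fw = FtpHelper(trigger_port=21)
    fw.server_reply("203.0.113.5", 21, reply)    # server on default port
    on_21 = (fw.allows("203.0.113.5", 5001), fw.allows("198.51.100.9", 5001))
    fw.server_reply("203.0.113.7", 2121, reply)  # server moved to port 2121
    on_2121 = fw.allows("203.0.113.7", 5001)
    return on_21, on_2121
```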


