Robert, Thanks for explaining that to us. I thought that was how it was.
My question then, remains:- If I want the server to support passive mode, and open up a set of ports to support it, how do I instruct the wu-ftpd to use the set of ports that I have opened up? I cannot see any configuration options in kwuftpd that address this. Thanks, Julian. ==================================== At 07:27 AM 1/17/02, you wrote: >Rob, you're close, but have a few things mixed up. > >You're control port (21) will always stay static on that port. It will >never change unless someone configure the FTP server to listen on a >different port. > >Port 20 (the data port) is for active connections. It too is statically >bound to that port. It will never change. however, this is somewhat >insecure, since haxors can use sniffing devices to listen to data >passing on that port. > >Hence the introduction of passive connections. When a data transfer is >about to commence, the FTP server sends a port number to the client, >telling it what port the client should communicate on (it's usually a >really high port > 1024). Each time a FTP server must communicate via >passive mode, a different port is randomly chosen as to lower the >possibility of sniffed data. > >The FTP client controls whether an active/passive connection is used. >However, certain FTP clients don't give you the option to use either or >(ie: Win95 DOS ftp). > >-Rob > > > Hey Julian, > > > > Yes, there's something about that. Passive ftp vs active. Active ftp will > > jump around with it use of ports (I don't know if it's the data, > control, or > > both that actually jump). > > I'm not sure if you can tell the server whether or not to use passive, > but I > > know you can tell the client. Sometimes people forget that IE can be > used as > > an ftp client, so don't forget to set the passive ftp check box in the IE > > tools/options area. > > > > Hopefully you won't need a whole book on ftp. It's a lot less complex than > > something like email or DNS!! > > > > Nice to see you around again Julian! > > > > Rob > > > > > > -----Original Message----- > > From: [EMAIL PROTECTED] > > [mailto:[EMAIL PROTECTED]]On Behalf Of Julian Opificius > > Sent: Wednesday, January 16, 2002 7:48 PM > > To: [EMAIL PROTECTED] > > Subject: RE: NAT and FTP > > > > > > Cheers Robert. Is it always port 20? Somehow I thought that a different > > port was opened up for every simultaneous connection. > > > > I sense the imminent need to purchase another O'Reilly book ... ;-) > > > > julian. > > > > > > At 09:35 PM 1/16/02, you wrote: > > >One port's for control and one's for data: > > > > > >make sure you check this out: "cat /etc/services | grep ftp" > > > > > >Rob > > > > > > > > >-----Original Message----- > > >From: [EMAIL PROTECTED] > > >[mailto:[EMAIL PROTECTED]]On Behalf Of Julian Opificius > > >Sent: Wednesday, January 16, 2002 7:12 PM > > >To: [EMAIL PROTECTED] > > >Subject: Re: NAT and FTP > > > > > > > > >Why's that? > > > > > >j. > > >=================== > > >At 08:58 PM 1/16/02, you wrote: > > > >You might want to open up port 20, as well. > > > > > > > >On Wed, 16 Jan 2002, Julian Opificius wrote: > > > > > > > > > Hi folks, > > > > > > > > > > I'm using NAT on my Cisco 678 DSL modem, to connect my real IP > into my > > > > > private LAN. > > > > > I want to run an FTP server on my Linux box, accessible from the > > outside > > > > > world. I know I have to open up port 21, 'cos it's the FTP control > > port, > > > > > but do I have to open up any other ports in order to allow data > > >transfers? > > > > > > > > > > julian. > > > > > > > > > > ---------------------------------------------------------------- > > > > > Just because I'm paranoid doesn't mean they aren't after me ... > > > > > > > > > > Julian Opificius. ICQ 3268206. > > > > > ---------------------------------------------------------------- > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > > > Redhat-list mailing list > > > > > [EMAIL PROTECTED] > > > > > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > > > > > > > > > > > > > > > > >_______________________________________________ > > > >Redhat-list mailing list > > > >[EMAIL PROTECTED] > > > >https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > >---------------------------------------------------------------- > > >Just because I'm paranoid doesn't mean they aren't after me ... > > > > > >Julian Opificius. ICQ 3268206. > > >---------------------------------------------------------------- > > > > > > > > > > > >_______________________________________________ > > >Redhat-list mailing list > > >[EMAIL PROTECTED] > > >https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > > > > > > > >_______________________________________________ > > >Redhat-list mailing list > > >[EMAIL PROTECTED] > > >https://listman.redhat.com/mailman/listinfo/redhat-list > > > > ---------------------------------------------------------------- > > From my wife: "I'm not playing mind games with you, I'm just making you > > think I'm playing mind games with you ..." > > > > Julian Opificius. ICQ 3268206. > > ---------------------------------------------------------------- > > > > > > > > _______________________________________________ > > Redhat-list mailing list > > [EMAIL PROTECTED] > > https://listman.redhat.com/mailman/listinfo/redhat-list > > > > > > > > _______________________________________________ > > Redhat-list mailing list > > [EMAIL PROTECTED] > > https://listman.redhat.com/mailman/listinfo/redhat-list > > >-- > >-Rob > > > >_______________________________________________ >Redhat-list mailing list >[EMAIL PROTECTED] >https://listman.redhat.com/mailman/listinfo/redhat-list ---------------------------------------------------------------- Just because I'm paranoid doesn't mean they aren't after me ... Julian Opificius. ICQ 3268206. ---------------------------------------------------------------- _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
