On Saturday 05 July 2003 11:52 pm, Martin WHEELER wrote:
> Solutions suggested so far have been to turn off, or make completely
> transparent, any firewall between you and them (!!!); or to turn off
> passive ftp mode. (makes no difference, incidentally)

It sounds like they are now denying all incoming connections on non-standard ports -> i.e. they will accept 21 for FTP and 80 for WWW, but not much else. I can understand why they've done this, since it closes a lot of possibilities for remote shells / backdoor exploits.

In passive mode, their server must allow incoming connections on some arbitrary TCP ports, but in non-passive (active) mode, it is /your/ computer that must allow the incoming connections.

The fact that some people using CuteFTP got it to work is pretty irrelevant - they're probably using ADSL modems directly connected to their Windows PC, and so have a direct non-firewalled connection capable of receiving TCP connections on strange ports.

I'm guessing you're either actually firewalled, or are simply doing IP MASQ which will have much the same effect.

You might want to look into the FTP connection-tracking module, since I believe this will deal properly with active FTP by actually watching the FTP connection data pass through, and will do some magic when it sees the PORT command (not PASV !) being issued...

Cheers,
Gavin.
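The PORT handling described in the message above, as an added example that is not part of the original post and is not the kernel module's code: a simplified Python model of what an FTP connection-tracking helper does while watching the control channel. The `track` and `endpoint` names, the sample addresses, and the policy of ignoring a command that names a third host are assumptions of this sketch.

```python
import re

# Active mode: client sends "PORT h1,h2,h3,h4,p1,p2" (RFC 959).
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
# Passive mode: server answers PASV with "227 ... (h1,h2,h3,h4,p1,p2)".
PASV_RE = re.compile(r"^227\s.*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def endpoint(groups):
    """Turn the six decimal fields into (ip, port); None if any exceeds 255."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def track(line, client_ip, server_ip, public_ip=None):
    """Inspect one control-channel line; return (line_to_forward, expectation).

    expectation describes the one data connection to allow, or is None.
    public_ip models masquerading: the private address inside PORT is
    rewritten to the gateway's address before the line goes to the server.
    """
    for regex, owner, peer, mode in ((PORT_RE, client_ip, server_ip, "active"),
                                     (PASV_RE, server_ip, client_ip, "passive")):
        m = regex.match(line)
        ep = endpoint(m.groups()) if m else None
        if ep is None or ep[0] != owner:
            continue  # not this command, malformed, or names a third host
        if mode == "active" and public_ip:
            line = "PORT %s,%d,%d" % (public_ip.replace(".", ","),
                                      ep[1] >> 8, ep[1] & 255)
        return line, {"mode": mode, "listener": ep, "connects_from": peer}
    return line, None

if __name__ == "__main__":
    # Constructed addresses: masqueraded client, its gateway, remote server.
    client, gateway, server = "192.168.1.10", "203.0.113.5", "198.51.100.20"
    for sent in ("USER anonymous",
                 "PORT 192,168,1,10,195,80",
                 "227 Entering Passive Mode (198,51,100,20,19,137)",
                 "PORT 10,0,0,99,195,80"):
        print(track(sent, client, server, gateway))
```

In the active case the expectation points inward (the server connects to the client's listener), which is why a masquerading gateway without such a helper drops the data connection even though the control connection on port 21 works.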