Re: ncftp vs. firewall?

Tue, 04 Apr 2000 06:17:46 -0700 

Since no one responded I give it a try.  I don't have any ised what port 0 is but if 
passive works it sound like that the
firewall is (rightly so ) keeping the ftp server from establishing a connection to 
your machine.  Under normal operation an
ftp client contacts a server and tells it that is wants to create a connection and I 
believe sends it a port to connect to.
The client begins listening on the port and the server trys to connect to it.  The 
Firewall sees this incomming connection
from the server and filters it.

In a passive mode the connection is initiated from the client and all is well with the 
firewall.  I know I have to set my ftp
clients behind the firewall to use passive only or I can't get it to work.

Unless I am missing something, everything is working as it is supposed to.

Hope this helps

Bret
"Thomas Ribbrock (Design/DEG)" wrote:

> Hi folks,
>
> I'm looking for some info with regard to ncftp and firewall. What happened
> was this: If for example I tried to connect to ftp.heanet.ie with ncftp, I
> get an error message "no route to host" and my firewall log showed this:
>
> Mar 28 22:40:21 magrat kernel: IP fw-out rej ppp0 TCP MY_DYNAMIC_IP:61003 
>193.1.219.117:0 L=44 S=0x00 I=2648 F=0x0000 T=63
>
> If, however, use the ordinary "ftp ftp.heanet.ie", the connection works
> fine. Also, if I set ncftp to "Passive FTP only", it seems to work.
>
> Hence, I'm looking for someone to shed some light on this or maybe give me a
> pointer to more information, e.g. what's port 0 anyway - /etc/services
> doesn't list it? The rule that blocks those packets claims to block
> SUN RPC packets:
>
>     ipfwadm -O -a reject -o -P tcp -W $EXTERNES_INTERFACE \
>             -S $IPADDR \
>             -D $ANYWHERE 0 87 111 512 513 514 515 540
>
> ($EXTERNES_INTERFACE is "ppp0" - I've got most of the rules for my firewall
> from a German Firewall "HOWTO" - very helpful. I wonder what Babelfish would
> do to it... ;-) )
>
> Any ideas?
>
> Thanks in advance,
>
> Thomas
> --
>              "Look, Ma, no obsolete quotes and plain text only!"
>
>      Thomas Ribbrock | http://www.bigfoot.com/~kaytan | ICQ#: 15839919
>    "You have to live on the edge of reality - to make your dreams come true!"
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.


-- 
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.

Reply via email to