[SATLUG] FTP server behind router

Chuck Chuck at Tetlow.Net
Wed Aug 28 09:30:03 CDT 2002


Cool Sean,

Learn something new every day.  ProFTPd may well be written to default to
that method.  Randomly assigned ports is a good method to ensure you are not
subjected to anything done in the form of a 'man-in-the-middle'.  So, it's a
good security measure.  It's just hell on a firewall/proxy to get those ports
through.

Guess I need to read up on ProFTPd.  And thanks for that information Sean.

Chuck



-----Original Message-----
From: satlug-admin at satlug.org [mailto:satlug-admin at satlug.org]On Behalf
Of Sean Carolan
Sent: Wednesday, August 28, 2002 7:42 AM
To: satlug at satlug.org
Subject: RE: [SATLUG] FTP server behind router


Chuck:

I understand the difference between active and passive mode, and the
reasoning behind each.  Thank you for explaining it so clearly.

However, I beg to differ on the question of which ports are used for
passive mode transfers.  The snippet I listed in my last message came
from a default install of proftpd.  I didn't add any 'PassivePort'
command to the /etc/proftpd.conf to make it use port 46578, and without
the 'passiveport' command it still allows data transfers on randomly
assigned ports, and does not default to port 20.

When I connect to the web server using WS_FTP with passive mode, each
time a file is transferred a new data port is assigned.  I even tested
the ftp.redhat.com server to make sure and it works exactly the same way
for passive mode, a new port is assigned for each data transfer.  The
control port is of course 21, but the data ports are different for each
transfer.  Check out the dialog between my client and the server listed
below.

Maybe it's not how it's supposed to work, but as Walter Cronkite used to
say "That's the way it is".



WINSOCK.DLL: WinSock 2.0
WS_FTP LE 5.08 2000.01.13, Copyright C 1992-2000 Ipswitch, Inc.
- -
connecting to 66.77.185.35:21
Connected to 66.77.185.35 port 21
220 Red Hat FTP server ready. All transfers are logged.
USER anonymous
331 Please specify the password.
PASS (hidden)
230 Login successful. Have fun.
PWD
257 "/"
SYST
215 UNIX Type: L8
Host type (S): UNIX (standard)
PASV
227 Entering Passive Mode (66,77,185,35,43,216)
connecting to 66.77.185.35:11224
- -
connecting to 66.77.185.35:11224
Connected to 66.77.185.35 port 11224
LIST
150 Here comes the directory listing.
Received 61 bytes in 0.1 secs, (6100.00 bps), transfer succeeded
226 Directory send OK.
CWD pub
250 Directory successfully changed.
PWD
257 "/pub"
PASV
227 Entering Passive Mode (66,77,185,35,52,168)
connecting to 66.77.185.35:13480
- -
connecting to 66.77.185.35:13480
Connected to 66.77.185.35 port 13480
LIST
150 Here comes the directory listing.
Received 194 bytes in 0.1 secs, (10.00 Kbps), transfer succeeded
226 Directory send OK.
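
As an added example (not part of the original thread): the six numbers in each 227 reply above encode the data address and port as h1,h2,h3,h4,p1,p2 with port = p1*256 + p2, and this Python code decodes them and flags replies that a router or firewall in front of the server would break. The forwarded port range and the third, private-address reply are constructed assumptions.

```python
import ipaddress
import re

# RFC 959 reply to PASV: six decimal fields h1,h2,h3,h4,p1,p2 in parentheses.
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (host, port) from a 227 reply, or None if the line is not a valid one."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    host = ".".join(str(n) for n in nums[:4])
    return host, nums[4] * 256 + nums[5]  # data port = p1*256 + p2

def audit_session(lines, control_host, allowed_ports):
    """Check every PASV reply against the control address and a forwarded
    port range given as an inclusive (low, high) tuple."""
    findings = []
    for line in lines:
        parsed = parse_pasv(line)
        if parsed is None:
            continue
        host, port = parsed
        issues = []
        if host != control_host:
            issues.append("address differs from control connection")
        if ipaddress.ip_address(host).is_private:
            issues.append("private address advertised")
        if not allowed_ports[0] <= port <= allowed_ports[1]:
            issues.append("port outside forwarded range")
        findings.append((host, port, issues))
    return findings

# The two 227 replies from the session quoted above, plus one constructed
# reply from a server behind NAT that advertises its internal address.
SESSION = [
    "227 Entering Passive Mode (66,77,185,35,43,216)",
    "227 Entering Passive Mode (66,77,185,35,52,168)",
    "227 Entering Passive Mode (192,168,1,10,181,242)",  # constructed
]
# Hypothetical range forwarded by the router; not taken from the thread.
ALLOWED = (11000, 12000)

if __name__ == "__main__":
    for host, port, issues in audit_session(SESSION, "66.77.185.35", ALLOWED):
        print(f"{host}:{port}", "; ".join(issues) or "ok")
```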
