Re: IP MASQUERADING broken again from v1.3.81 onwards

Herbert Rosmanith (herp@wildsau.idv.uni-linz.ac.at)
Fri, 5 Apr 1996 15:17:47 +0200 (MET DST)


>
> > port 20 is ftp-data, but this port is not used even if you do *not* use
> > a firewall. the client and the server negotiate which port to use
> > by using the PORT command, part of the ftp-protocol.
>
> Yes, but port 20 is normally used as remote port for the ftp-data
> connection going to that local (negotiated) port.

I remember reading a piece of source code, was it ftp or ftpd, where
port 20 was commented out, and a 0 was inserted instead, so the system
will create its own port.
The PORT command, as I understand it, is used when the ftp-server
establishes a data-connection to the ftp-client, with the selected port
as target address. So you don't know which port is going to be used
locally.
And second, if you have configured your firewall in a way that only
allows packets with SYN=1 out your firewall and ACK=1 into your firewall,
then you cannot use non-passive ftp-mode, since you cannot connect
through your firewall from outside. (This is what I meant by "closed"
firewall.)

/herp
herp@wildsau.idv.uni-linz.ac.at
rosmanith@edvz.uni-linz.ac.at
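Added example (not part of the mailing-list post above): a small model of the "closed" firewall described there, decoding a PORT command and checking which FTP data connections such a filter lets through. It assumes the filter means "new connections may only be opened from inside; anything entering must carry ACK=1", and the addresses and ports are constructed sample values.

```python
import re

PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_port_command(line):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (host, port); port = p1*256 + p2."""
    m = PORT_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError("not a PORT command: %r" % line)
    fields = list(map(int, m.groups()))
    if any(f > 255 for f in fields):
        raise ValueError("field out of range in %r" % line)
    h1, h2, h3, h4, p1, p2 = fields
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def closed_firewall_allows(direction, syn, ack):
    """Stateless 'closed' filter (assumed reading of the post): segments entering
    must carry ACK=1, so only replies to connections opened from inside get in;
    outbound segments, including the SYN that opens a connection, are allowed."""
    if direction == "in":
        return ack
    return True

def handshake_permitted(initiator):
    """Run the three TCP handshake segments through the filter.
    initiator is 'inside' (our host opens the connection) or 'outside'."""
    first, second = ("out", "in") if initiator == "inside" else ("in", "out")
    segments = [(first, True, False),    # SYN
                (second, True, True),    # SYN/ACK
                (first, False, True)]    # ACK
    return all(closed_firewall_allows(d, s, a) for d, s, a in segments)

def ftp_data_connection(mode, port_line=None):
    """Who opens the FTP data connection in each mode, and whether it gets through."""
    if mode == "active":
        # The client announces its listening port with PORT; the server (outside)
        # then connects to that port, conventionally from its own port 20.
        host, port = parse_port_command(port_line)
        return {"initiator": "outside", "target": (host, port),
                "permitted": handshake_permitted("outside")}
    if mode == "passive":
        # After PASV the client (inside) connects to the port the server announced.
        return {"initiator": "inside", "target": None,
                "permitted": handshake_permitted("inside")}
    raise ValueError("unknown mode %r" % mode)
```

The active-mode SYN arrives from outside with ACK=0 and is dropped by the inbound rule, which is why non-passive FTP fails behind such a filter.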