• RSS
  • Twitter
  • FaceBook

Security Forums

Log in

FAQ | Usergroups | Profile | Register | RSS | Posting Guidelines | Recent Posts

PASV mode on FTP

Users browsing this topic:0 Security Fans, 0 Stealth Security Fans
Registered Security Fans: None
Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Connectivity // Telecommunications // Internet News

View previous topic :: View next topic  
Author Message
TheKingster
Link Spammer
Link Spammer


Joined: 03 May 2002
Posts: 0
Location: UK

Offline

PostPosted: Fri Feb 07, 2003 1:34 pm    Post subject: PASV mode on FTP Reply with quote

I have an FTP up and running.

When a connection is made, firstly it goes to the router. The router the port forwards the request onto the internal ip address of the box the ftp is running on. To get the whole thing working I had to enable some port triggering for the ip range the ftp is running on, not sure why (if anyone knows please tell me) but it was just a lucky guess.

Alls working well and good, except I can't seem to get PASV mode working. It just says connection lost. Users have to take off PASSIVE mode to get it working.

Any ideas?
Back to top
View user's profile Send private message
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Fri Feb 07, 2003 1:55 pm    Post subject: Reply with quote

Mate, what filters are running on router/firewall.

PASV needs clear outbound access to all ports >1023 to work.

Normal needs inbound access to port 20.
Back to top
View user's profile Send private message Send e-mail
TheKingster
Link Spammer
Link Spammer


Joined: 03 May 2002
Posts: 0
Location: UK

Offline

PostPosted: Fri Feb 07, 2003 1:57 pm    Post subject: Reply with quote

all the way to 65535??
Back to top
View user's profile Send private message
myhatisred
Just Arrived
Just Arrived


Joined: 11 Jan 2003
Posts: 0


Offline

PostPosted: Fri Feb 07, 2003 4:35 pm    Post subject: Reply with quote

what kind of router/firewall is it?
Back to top
View user's profile Send private message Visit poster's website AIM Address
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Fri Feb 07, 2003 4:45 pm    Post subject: Reply with quote

TheKingster wrote:
all the way to 65535??


Yep!

PASV chooses a random port >1023 to create its data channel.
Back to top
View user's profile Send private message Send e-mail
myhatisred
Just Arrived
Just Arrived


Joined: 11 Jan 2003
Posts: 0


Offline

PostPosted: Fri Feb 07, 2003 4:57 pm    Post subject: Reply with quote

that's interesting, my ftp server only has ports 20 + 21 open and it works on every mode
Back to top
View user's profile Send private message Visit poster's website AIM Address
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Fri Feb 07, 2003 4:58 pm    Post subject: Reply with quote

Outbound
Back to top
View user's profile Send private message Send e-mail
TheKingster
Link Spammer
Link Spammer


Joined: 03 May 2002
Posts: 0
Location: UK

Offline

PostPosted: Fri Feb 07, 2003 5:15 pm    Post subject: Reply with quote

dunno how to configure just outbound on my router?

its a linksys 4 port switch\router.
Back to top
View user's profile Send private message
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Fri Feb 07, 2003 5:22 pm    Post subject: Reply with quote

If all outbound is allowed PASV will work
Normal mode requires inbound access to port 20
Back to top
View user's profile Send private message Send e-mail
TheKingster
Link Spammer
Link Spammer


Joined: 03 May 2002
Posts: 0
Location: UK

Offline

PostPosted: Fri Feb 07, 2003 5:29 pm    Post subject: Reply with quote

Yeh cant find where to allow all outbound
Back to top
View user's profile Send private message
b4rtm4n
Trusted SF Member
Trusted SF Member


Joined: 26 May 2002
Posts: 16777206
Location: Bi Mon Sci Fi Con

Offline

PostPosted: Fri Feb 07, 2003 5:30 pm    Post subject: Reply with quote

http://www.itc.virginia.edu/netsys/faq/dormFTP.html

Rough guide to ftp for those interested
Back to top
View user's profile Send private message Send e-mail
Jason
Forum Fanatic
Forum Fanatic


Joined: 19 Sep 2002
Posts: 16777215


Offline

PostPosted: Fri Feb 07, 2003 6:01 pm    Post subject: Reply with quote

This guide is pretty good also:

http://www.isaserver.org/articles/How_the_FTP_protocol_Challenges_Firewall_Security.html
Back to top
View user's profile Send private message Send e-mail
TheKingster
Link Spammer
Link Spammer


Joined: 03 May 2002
Posts: 0
Location: UK

Offline

PostPosted: Fri Feb 07, 2003 6:07 pm    Post subject: Reply with quote

I knwo about ftps, thats not what im looking for. I have port forwarding on my router that allows me to control inbound but cant see any outbound settings at all.
Back to top
View user's profile Send private message
chris
Forum Fanatic
Forum Fanatic


Joined: 18 Apr 2002
Posts: 16777201
Location: ~/security-forums

Offline

PostPosted: Fri Feb 07, 2003 6:14 pm    Post subject: Reply with quote

There are NO outgoing restrictions on the linksys by default.

PASV can be problematic behind NAT, im assuming you want pasv to ftp ? otherwise just turn it off in the ftp client.

Ive had similar problems before, some servers with both the control and data FTP ports open its been fine, others with the exact same incoming and outgoing restrictions havent.
Back to top
View user's profile Send private message AIM Address Yahoo Messenger MSN Messenger
TheKingster
Link Spammer
Link Spammer


Joined: 03 May 2002
Posts: 0
Location: UK

Offline

PostPosted: Fri Feb 07, 2003 6:55 pm    Post subject: Reply with quote

Yeh I know I can do it at the client end and at server end.

No worries ill just do that.

ITS THE WEEKEND W00000t!!
Back to top
View user's profile Send private message
Display posts from previous:   

Post new topic   Reply to topic   Printer-friendly version    Networking/Security Forums Index -> Connectivity // Telecommunications // Internet News All times are GMT + 2 Hours
Page 1 of 1


 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum

Looking for more Windows Networking info?

Sign up to the WindowsNetworking.com Monthly Newsletter, written by Enterprise Security MVP Deb Shinder, containing news, the hottest tips, Networking links of the month and much more. Subscribe today and don't miss a thing!
View a sample newsletter.

Become a WindowsNetworking.com member!

Discuss your Windows Networking issues with thousands of other Windows Newtorking experts. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred data recovery solution?

Follow TechGenix on Twitter