Mailinglist Archive: opensuse-security (575 mails)
| < Previous | Next > |
Re: [suse-security] SuseFirewall2 DMZ
- From: Bodo Kaelberer <BodoKaelberer@xxxxxxxxxx>
- Date: Tue, 19 Nov 2002 17:56:45 +0100
- Message-id: <1714652328.20021119175645@xxxxxxxxxx>
Hi Christian Andersson,
>> If I remember well, this tells your client to connect to the server
>> 192.168.x.y (did you replace the numbers?) at port 33056.
> 33066 probably (as far as the firewall log implies).
As far as it concerns the ftp-protocoll, it should be 33056 (129 * 256
+ 32).
>> What surprises me: there is no command, that would result in a
>> transfer of data. So there ist no reason to send the server into
>> passiv mode and to wait for your request, because your client will not
>> do a request as it does not expect a transfer. You need a command like
>> LIST after PASV.
>> Is this client working in passive-mode with other servers? Maybe
>> there's a bug in the client?
> Would be interesting to see a corresponding log from a successful connection
> to some server that works. I.e. what happens normally after that PASV
> command?
On a second thought: The command (LIST) is missing, because the connection
could not be established. So my idea of a bug in the client was
probably nonsense and the problem goes back to the firewall-expert (-;
Bye
--
Bodo Kaelberer + WEBKIND at http://www.webkind.de/ |
- -
Politik ist, wenn ein paar tausend Leute ein paar Milliarden kosten -
und etwas produzieren, das dem Fallen eines Wuerfels gleicht. -
-- |
>> If I remember well, this tells your client to connect to the server
>> 192.168.x.y (did you replace the numbers?) at port 33056.
> 33066 probably (as far as the firewall log implies).
As far as it concerns the ftp-protocoll, it should be 33056 (129 * 256
+ 32).
>> What surprises me: there is no command, that would result in a
>> transfer of data. So there ist no reason to send the server into
>> passiv mode and to wait for your request, because your client will not
>> do a request as it does not expect a transfer. You need a command like
>> LIST after PASV.
>> Is this client working in passive-mode with other servers? Maybe
>> there's a bug in the client?
> Would be interesting to see a corresponding log from a successful connection
> to some server that works. I.e. what happens normally after that PASV
> command?
On a second thought: The command (LIST) is missing, because the connection
could not be established. So my idea of a bug in the client was
probably nonsense and the problem goes back to the firewall-expert (-;
Bye
--
Bodo Kaelberer + WEBKIND at http://www.webkind.de/ |
- -
Politik ist, wenn ein paar tausend Leute ein paar Milliarden kosten -
und etwas produzieren, das dem Fallen eines Wuerfels gleicht. -
-- |
| < Previous | Next > |