Passive and Active ftp mode
Hi, all

In my ftp-proxy.conf file, I have enabled "DestinationTransferMode client" which I believe that transfer mode is decided by whoever starts ftp session not by ftp proxy server. Generally we run ftp passive mode and the command is issued by ftp users from their PCs, etc which runs great. But we have a particular ftp site which requires ftp active mode connection. When users login to the ftp server, they can't do anything such as ls, dir command after a while they get a message "can't open data connection".

The message to me is that ftp data connection port problem. What configuration that I have to change to make it happen? My guess is that parameter "ActiveMinDataPort 40000" and "ActiveMaxDataPort 40999" cause the problem but they are commented out in the configuration file.

I have enabled TCP Wrapper and chroot functions on the proxy server. Does anyone know the problem? Thanks. By the way, we run proxy server v1.9 on Solaris 9, Sun Blade 100 and attached configuration file.

Marius, I have compiled the patch you sent me for the Solaris error but I have not installed and tested because my users are using it.

Ruiyuan Jiang
Liz Claiborne, Inc.

<<ftp-proxy.conf>>

On Fri, Aug 09, 2002 at 11:35:23AM -0400, Ruiyuan Jiang wrote:
> Hi, all

Hi!

> In my ftp-proxy.conf file, I have enabled "DestinationTransferMode client" which I believe that transfer mode is decided by whoever starts ftp session not by ftp proxy server.

Yes, "DestinationTransferMode client" is the right flag to allow users to select the transfer mode (active or passive ftp) to server.

> Generally we run ftp passive mode and the command is issued by ftp users from their PCs, etc which runs great. But we have a particular ftp site which requires ftp active mode connection. When users login to the ftp server, they can't do anything such as ls, dir command after a while they get a message "can't open data connection".

If you are using "DestinationTransferMode client" the proxy has to be able to do active transfers - it should run on a machine with an official IP. Take a look into the syslog messages, there may be different reasons (you can see them in syslog messages) for the "425 Can't open data connection" answer from proxy, i.e.:

    bad PASV 277 response from server ...
    can't connect Srv-Data ...
    can't connect Cli-Data ...
    Cli-Data: can't bind to ...
    Srv-Data: can't bind to ...

> The message to me is that ftp data connection port problem. What configuration that I have to change to make it happen? My guess is that parameter "ActiveMinDataPort 40000" and "ActiveMaxDataPort 40999" cause the problem but they are commented out in the configuration file.

You may use "SockBindRand yes" as well if you are using port ranges.

> I have enabled TCP Wrapper and chroot functions on the proxy server. Does anyone know the problem? Thanks. By the way, we run proxy server v1.9 on Solaris 9, Sun Blade 100 and attached configuration file. Marius, I have compiled the patch you sent me for the Solaris error but I have not installed and tested because my users are using it.

OK.

Kind regards,
Marius Tomaschewski <mt@suse.de>
--
SuSE Linux AG, Nürnberg - SuSE Labs, Product Development
PGP public key available: http://www.suse.de/~mt/mt.pgp
Fprint: EA 1F 92 75 1A F9 82 07 A1 28 DE 7A 32 E8 97 18
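
Added example, not part of either message and not ftp-proxy code: a small triage script that sorts syslog lines by the 425 reasons listed in the reply above, so you can see which data channel and which step is failing. The syslog tag `ftp-proxy[pid]`, the server/client reading of `Srv-Data`/`Cli-Data`, the hint texts and the sample lines are assumptions of this example.

```python
import re
from collections import Counter, defaultdict

# Reason substrings are the ones quoted in the reply above. The channel/stage
# labels and the hints are this example's reading, not ftp-proxy documentation.
REASONS = [
    (re.compile(r"bad PASV \d+ response from server"), ("server", "pasv-reply")),
    (re.compile(r"can't connect Srv-Data"), ("server", "connect")),
    (re.compile(r"can't connect Cli-Data"), ("client", "connect")),
    (re.compile(r"Srv-Data: can't bind to"), ("server", "bind")),
    (re.compile(r"Cli-Data: can't bind to"), ("client", "bind")),
]
HINTS = {
    "pasv-reply": "the server's PASV reply could not be used",
    "connect": "check filtering and routing between the proxy and that peer",
    "bind": "check the data port range settings and local port availability",
}
# Assumed syslog tag format: "ftp-proxy[<pid>]:"
TAG = re.compile(r"ftp-proxy\[(\d+)\]:")

def classify(line):
    """Return (channel, stage) for a known 425 reason, else None."""
    for pattern, label in REASONS:
        if pattern.search(line):
            return label
    return None

def triage(lines):
    """Count reasons overall and collect them per logging process id."""
    totals, per_pid = Counter(), defaultdict(list)
    for line in lines:
        label = classify(line)
        if label is None:
            continue  # not one of the listed 425 reasons
        totals[label] += 1
        m = TAG.search(line)
        per_pid[m.group(1) if m else "?"].append(label)
    return totals, dict(per_pid)

# Constructed sample lines (host, PIDs and addresses are made up).
SAMPLE = [
    "Aug  9 11:36:01 proxy1 ftp-proxy[2101]: can't connect Cli-Data 192.0.2.10:40012",
    "Aug  9 11:36:40 proxy1 ftp-proxy[2101]: can't connect Cli-Data 192.0.2.10:40013",
    "Aug  9 11:37:15 proxy1 ftp-proxy[2150]: Srv-Data: can't bind to 198.51.100.5:40000",
    "Aug  9 11:38:02 proxy1 ftp-proxy[2150]: USER anonymous",
]

if __name__ == "__main__":
    totals, _ = triage(SAMPLE)
    for (channel, stage), n in totals.most_common():
        print(f"{n}x {channel}-side {stage}: {HINTS[stage]}")
```
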