[wellylug] ProFTPD problems
Jamie Dobbs
jamie.dobbs at paradise.net.nz
Tue Jan 15 21:55:43 NZDT 2002
Thanks for the suggestion Lloyd but I can't put any software on the
firewall as it's a 'sealed box' solution (Watchguard Firebox-II) so I'll
have to try and work it out some other way - there must be a way but the
online help for the Watchguard is pretty bad!
On Mon, 2002-01-14 at 20:48, Lloyd wrote:
> Hey
>
> Richard I don't think it's proftpd that's the problem, I think it's NAT,
> as ports 60000+ are used by NAT. Jamie, does your FTP server run on a
> separate machine behind the firewall or on the firewall itself?
>
> If it's separate, I suggest you look into a program called jftpgw that
> you can run on the firewall and it will act as an incoming FTP proxy to
> your machine behind the firewall. This will hopefully fix your problem.
>
> jftpgw is very small and easy to configure, you can even choose which
> internal server to connect to by placing an @internal.machine.name after
> your login name.
>
> I use it on our work machines - http://www.mcknight.de/jftpgw/
>
> cya
> Lloyd
>
> On Mon, 14 Jan 2002, Richard Hector wrote:
>
> > Jamie Dobbs wrote:
> > >
> > > Hi all
> > >
> > > I'm running a Linux box behind our firewall at work as an FTP server.
> > > Of the 2 clients that use it one has no problems but the other cannot
> > > connect to it. The one having problems says that our FTP server is
> > > assigning the 'data channel' on a seemingly random port above 60000
> > > (?) and he says that their firewall cannot cope with this as it
> > > expects the data channel to be on the 'standard' port of 20 - what
> > > configuration changes can I make to enable this?
> > > We are running proFTPD 1.2.2
> >
> > Firstly 1.2.3 fixes a security hole, and 1.2.4 fixes another bug
> > (according to the web site), so you should probably upgrade.
> >
> > The user's guide there says it does use source port 20 for the data
> > channel. On the other hand, it can't do that if the client requests
> > passive mode, so perhaps they're doing that? I think most web browsers
> > use passive mode by default. If their firewall allows back connections
> > from port 20, they don't need passive mode and can use normal mode.
> >
> > Note that neither you nor the ProFTPD user guide are very clear whether
> > you're talking about source or data ports, so I'm filling in the gaps
> > from other sources. If they're expecting the server to open the data
> > channel with a _destination_ port 20, they're wasting their time,
> > because it's not under the server's control, and an ftp client can't
> > normally allocate a port that low, because it needs to be root to do so.
> >
> > HTH,
> >
> > Richard
> >
> >
> > .-. Wellington
> > /V\ Linux
> > // \\ Users
> > /( )\ Group
> > ^^-^^
> > http://wlug.paradise.net.nz/
> >
> > To unsubscribe from this group, send an email to:
> > wellylug-unsubscribe at egroups.com
> >
> >
> > Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
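
Added example, not part of the original thread: the source/destination port distinction Richard draws above, worked through in Python on a constructed control-channel transcript. The addresses, the SAMPLE lines and the function names are assumptions made for illustration; the server is assumed to listen on control port 21, so its active-mode data source port is 20.

```python
import re

# Six comma-separated bytes h1,h2,h3,h4,p1,p2 (RFC 959 PORT argument / 227 reply).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def decode_hostport(text):
    """Return (ip, port) from a PORT command or 227 reply, or None if malformed."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connections(control_lines, server_ip, client_ip):
    """Describe the TCP endpoints of each data connection negotiated on the control channel."""
    flows, pending_pasv = [], False
    for direction, line in control_lines:
        verb = line.split(" ", 1)[0].upper()
        if direction == "C" and verb == "PORT":
            hp = decode_hostport(line)
            if hp:
                # Active mode: the server connects out from source port 20
                # to a destination port the client picked (server has no say).
                flows.append({"mode": "active", "initiator": "server",
                              "src": (server_ip, 20), "dst": hp})
        elif direction == "C" and verb == "PASV":
            pending_pasv = True
        elif direction == "S" and verb == "227" and pending_pasv:
            hp, pending_pasv = decode_hostport(line), False
            if hp:
                # Passive mode: the client connects in from an ephemeral port
                # to a destination port the server picked; port 20 is not involved.
                flows.append({"mode": "passive", "initiator": "client",
                              "src": (client_ip, None), "dst": hp})
    return flows

# Constructed transcript: "C" = sent by client, "S" = sent by server.
SAMPLE = [
    ("C", "PORT 192,0,2,10,4,210"),                            # 4*256 + 210 = 1234
    ("S", "200 PORT command successful"),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (198,51,100,5,234,96)"),  # 234*256 + 96 = 60000
]

if __name__ == "__main__":
    for flow in data_connections(SAMPLE, "198.51.100.5", "192.0.2.10"):
        print(flow)
```

A firewall on the client side has to admit the first kind of flow (inbound from port 20) for active mode; a firewall on the server side has to admit the second kind (inbound to the server-chosen high port) for passive mode.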