On Tue, Apr 27, 2004 at 03:09:43PM +0200, Alexander Dalloz wrote:
> On Tue, 27.04.2004 at 04:33, Mike wrote:
>
> > Wondering if anybody knows how to disable passive mode in mozilla and in
> > shell using ftp?
> > Thanks
>
> By disabling passive mode you mean prohibiting that the user can switch
> to that FTP mode? That I don't know. If you instead mean how to switch
> to active FTP mode, then for the command line FTP client that mode is
> default. You switch between the modes by just entering on the FTP prompt
> after the connection is established: passive or active. For Mozilla I do
> not see an option to change the default mode.

In mozilla the quick and dirty way would be to use a squid proxy
that has passive mode off (I did not see a way to set preferences
for mozilla with a quick look). In squid.conf look for this stuff:

    #  TAG: ftp_passive
    #       If your firewall does not allow Squid to use passive
    #       connections, then turn off this option.
    #
    #Default:
    # ftp_passive on

For ftp from a shell just toggle it. The ftp man page tells me:

    passive   Toggle passive data transfer mode off. In passive mode,
              the client initiates the data connection by connecting
              to the data port. Passive mode is often necessary for
              operation from behind firewalls which do not permit
              incoming connections, but may need to be disabled if you
              connect to an FTP server which does not support passive
              operation.

It looks like this:

    $ ftp localhost
    Connected to localhost.localdomain.
    220 (vsFTPd 1.2.0)
    530 Please login with USER and PASS.
    331 Please specify the password.
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
    ftp> passive
    Passive mode off.
    ftp>

Perhaps the question has deeper roots.
See RFC 1579 - Firewall-Friendly FTP at your favorite RFC repository.
The first one I found was http://www.faqs.org/rfcs/rfc1579.html

You can look at the Gory details that follow these paragraphs:

  "Overview and Rational

  "The FTP protocol [1] uses a secondary TCP connection for actual
  transmission of files. By default, this connection is set up by an
  active open from the FTP server to the FTP client. However, this
  scheme does not work well with packet filter-based firewalls, which
  in general cannot permit incoming calls to random port numbers.

  "If, on the other hand, clients use the PASV command, the data
  channel will be an outgoing call through the firewall. Such calls
  are more easily handled, and present fewer problems.
  ....

After reading the Gory Details, perhaps the deeper root has to do with
firewall management. Perhaps to block or enable data transfers.

If controlling data transfers is the issue things get more interesting
because ftp libraries can be found in most "big" scripting languages:
Perl, php, ruby, python.... Someone could whack together a script in ten
min to replace /usr/bin/ftp or mozilla and do whatever.

--
T o m  M i t c h e l l
/dev/null the ultimate in secure storage.
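
As an added illustration of the active/passive distinction in the RFC 1579 excerpt quoted in the message above (this is not part of the original post): a Python sketch that reads an FTP control-channel transcript and reports which side opens each data connection and which endpoint a packet filter would have to let through. The transcript, addresses and function names are constructed for the example.

```python
import re

# RFC 959 host-port notation: h1,h2,h3,h4,p1,p2 (six decimal bytes).
HOSTPORT = re.compile(r"(\d{1,3})," * 5 + r"(\d{1,3})")

def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 string, or None if invalid."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    b = [int(g) for g in m.groups()]
    if max(b) > 255:
        return None
    return ".".join(str(x) for x in b[:4]), b[4] * 256 + b[5]

def data_connections(control_lines):
    """List data channels negotiated on 'C: ' / 'S: ' prefixed control lines."""
    # A channel counts only once the server accepts it:
    # reply 200 after PORT (active), reply 227 after PASV (passive).
    conns, pending = [], None
    for line in control_lines:
        side, _, msg = line.partition(": ")
        verb = msg.strip().split(" ", 1)[0].upper()
        if side == "C":
            if verb == "PORT":      # active: client listens, server connects in
                pending = ("active", parse_hostport(msg))
            elif verb == "PASV":    # passive: server listens, client connects out
                pending = ("passive", None)
            continue
        if pending is None:
            continue
        mode, ep = pending
        if mode == "passive" and verb == "227":
            ep = parse_hostport(msg)
        elif not (mode == "active" and verb == "200"):
            ep = None               # request refused, no data channel
        if ep:
            who = "server" if mode == "active" else "client"
            conns.append({"mode": mode, "initiator": who, "listens": ep})
        pending = None
    return conns

# Constructed transcript (documentation addresses), not captured traffic.
SAMPLE = [
    "S: 220 (vsFTPd 1.2.0)",
    "C: PORT 192,0,2,10,195,80", "S: 200 PORT command successful.",
    "C: PORT 192,0,2,10,195,81", "S: 500 Illegal PORT command.",
    "C: PASV", "S: 227 Entering Passive Mode (198,51,100,5,78,52)",
]
```

For the sample, the active entry is the one a client-side packet filter would see as an incoming connection to port 50000; the passive entry is an outgoing connection to the server's port 20020.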