Re: ftp

On Tue, Apr 27, 2004 at 03:09:43PM +0200, Alexander Dalloz wrote:
> On Tue, 27.04.2004, Mike wrote at 04:33:
> 
> > Wondering if anybody knows how to disable passive mode in mozilla and in 
> > shell using ftp?
> > Thanks
> 
> By disabling passive mode you mean prohibiting that the user can switch
> to that FTP mode? That I don't know. If you instead mean how to switch
> to active FTP mode, then for the command line FTP client that mode is
> default. You switch between the modes by just entering on the FTP prompt
> after the connection is established: passive or active. For Mozilla I do
> not see an option to change the default mode.

In mozilla the quick and dirty way would be to use a squid proxy that
has passive mode off (I did not see a way to set preferences for
mozilla with a quick look).  In squid.conf look for this stuff:

    #  TAG: ftp_passive
    #       If your firewall does not allow Squid to use passive
    #       connections, then turn off this option.
    #
    #Default:
    # ftp_passive on

For ftp from a shell, just toggle it. The ftp man page tells me:

    passive
              Toggle  passive  data  transfer  mode off.  In passive mode, the
              client initiates the data connection by connecting to  the  data
              port.  Passive mode is often necessary for operation from behind
              firewalls which do not permit incoming connections, but may need
              to  be  disabled  if you connect to an FTP server which does not
              support passive operation.

It looks like this:

    $ ftp localhost
    Connected to localhost.localdomain.
    220 (vsFTPd 1.2.0)
    530 Please login with USER and PASS.
    331 Please specify the password.
    230 Login successful.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp>
    ftp> passive
    Passive mode off.
    ftp>

Perhaps the question has deeper roots.  See RFC 1579 - Firewall-Friendly FTP
at your favorite RFC repository.  The first one I found was 

   http://www.faqs.org/rfcs/rfc1579.html

You can look at the Gory details
that follow these paragraphs:

 "Overview and Rational

   "The FTP protocol [1] uses a secondary TCP connection for actual
   transmission of files.  By default, this connection is set up by an
   active open from the FTP server to the FTP client.  However, this
   scheme does not work well with packet filter-based firewalls, which
   in general cannot permit incoming calls to random port numbers.

   "If, on the other hand, clients use the PASV command, the data channel
   will be an outgoing call through the firewall.  Such calls are more
   easily handled, and present fewer problems.
   ....

After reading the Gory Details, perhaps the deeper root has to do with
firewall management.  Perhaps to block or enable data transfers.  

If controlling data transfers is the issue things get more interesting
because ftp libraries can be found in most "big" scripting languages:
Perl, php, ruby, python....   Someone could whack together a script
in ten min to replace /usr/bin/ftp or mozilla and do whatever.


-- 
	T o m  M i t c h e l l 
	/dev/null the ultimate in secure storage.


