Re: [squid-users] ftp_passive

From: Colin Campbell <sgcccdc@dont-contact.us>
Date: Fri, 8 Jun 2001 09:31:09 +1000 (EST)

Hi,

On Thu, 7 Jun 2001, Adam Lang wrote:

> What are passive connections?

Ftp uses two data streams, one for passing commands around, the other for
moving data. The command channel is handled by the ftpd listening on port
21.

The data channel varies depending on whether you ask for passive ftp or
not. When you request data in a non-passive environment, your client tells
the server "I am listening on <ip-address> <port>". The server then
connects FROM port 20 to the ip address and port specified by your client.
This requires your "security device" to permit any host outside from port
20 to any host inside on any port > 1023. Somewhat of a hole.

In passive mode, when you request a data transfer, the server tells the
client "I am listening on <ip address> <port>". Your client then connects
to the server on that IP and port and data flows.

Colin
Received on Thu Jun 07 2001 - 17:31:34 MDT
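
An added illustration, not part of the original message: the two announcements Colin describes are the PORT command and the 227 reply of RFC 959, and this sketch parses either one and reports which side opens the data connection and whether the firewall must admit it inbound. The function names and the documentation-range addresses are assumptions made for the example.

```python
import re

# Host-port field from RFC 959: h1,h2,h3,h4,p1,p2 (six decimal bytes)
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

# Constructed sample control-channel lines (not captured traffic)
SAMPLE_PORT = "PORT 192,0,2,10,195,80"
SAMPLE_PASV = "227 Entering Passive Mode (198,51,100,5,78,52)"

def parse_hostport(line):
    """Return (ip, port) announced in a PORT command or a 227 reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no host-port field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in %r" % line)
    # The port is sent as two bytes, high byte first
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(control_line, client_ip, server_ip):
    """Describe the data connection that follows a control-channel line."""
    line = control_line.strip()
    ip, port = parse_hostport(line)
    if line.upper().startswith("PORT"):
        # Non-passive: the client listens, the server connects FROM port 20
        flow = {"mode": "active", "src": server_ip, "sport": 20,
                "dst": ip, "dport": port, "inbound_to_client": True}
        expected = client_ip
    elif line.startswith("227"):
        # Passive: the server listens, the client connects out to it
        flow = {"mode": "passive", "src": client_ip, "sport": None,
                "dst": ip, "dport": port, "inbound_to_client": False}
        expected = server_ip
    else:
        raise ValueError("not a PORT command or 227 reply")
    # The announced address is normally the control-channel peer; a mismatch
    # is worth logging (address translation can also cause one)
    flow["address_matches_peer"] = (ip == expected)
    return flow

if __name__ == "__main__":
    for sample in (SAMPLE_PORT, SAMPLE_PASV):
        print(data_connection(sample, "192.0.2.10", "198.51.100.5"))
```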
