|
|
Sponsored Content
Top Forums
UNIX for Dummies Questions & Answers
passive ftp problem
Post 81628 by Perderabo on Monday 22nd of August 2005 08:59:04 PM
08-22-2005
This is very odd indeed. That does not seem to be a Solaris error message. I searched the Solaris source code for the word "theft" and I got no hits. Looking through the ftpd source code, it looks like the Solaris ftpd does not check for this condition. There is a macro called FIGHT_PASV_PORT_RACE which is set to 1 to enable the test, but that macro is never checked again. This means that I don't really know where to go from here. 
I have heard of this error from other ftp servers. Let me describe what happens when they correctly issue this complaint. You connect to the ftp server and establish a control connection. The ftp server can then make a note of the source IP address. Your client switches into passive mode automatically. Then you request a file transfer. The ftp server sets up a port for your client to connect to. This second connection is the data connection. When the connection is established, the server can look at the source IP address. The ftp server expects that the same IP address should originate both connections. If that data connection seems to come from a different IP address than the control connection, the ftp server issues this error message. This behavior closes a security hole opened by the use of passive ftp. There is generally some way to disable this check, but it may involve a recompile. All of this implies that you somehow used a different source IP address for the two connections. Is that possible?
I can't imagine why you're seeing that message. I guess that a very active firewall might be able to do that, so check your firewall. Other than that, it beats me.
I have heard of this error from other ftp servers. Let me describe what happens when they correctly issue this complaint. You connect to the ftp server and establish a control connection. The ftp server can then make a note of the source IP address. Your client switches into passive mode automatically. Then you request a file transfer. The ftp server sets up a port for your client to connect to. This second connection is the data connection. When the connection is established, the server can look at the source IP address. The ftp server expects that the same IP address should originate both connections. If that data connection seems to come from a different IP address than the control connection, the ftp server issues this error message. This behavior closes a security hole opened by the use of passive ftp. There is generally some way to disable this check, but it may involve a recompile. All of this implies that you somehow used a different source IP address for the two connections. Is that possible?
I can't imagine why you're seeing that message. I guess that a very active firewall might be able to do that, so check your firewall. Other than that, it beats me.
|
|
8 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
can someone tell me how I can deal with a problem am having concerning users that are faliing to use one of the shells specified in the /etc/shells file.
as a result, am told, these users are bound fail to connect via FTP. i know i goto check the /etc/shells file on the target host but what... (5 Replies)
Discussion started by: TRUEST
5 Replies
2. Shell Programming and Scripting
i m able to login to Unix box from window's cmd
can anyone tell me how to run a script from window cmd using ftp ?
the script is in unix box and i need to run from windows CMD using ftp (2 Replies)
Discussion started by: ali560045
2 Replies
3. Shell Programming and Scripting
hi i am doing a passive ftp file transfer . during that i got the following error.
"ftp> put FTPS_MAILBOX
local: FTPS_MAILBOX remote: FTPS_MAILBOX
421 Service not available, remote server has closed connection
Passive mode refused. Turning off passive mode.
No control connection for... (1 Reply)
Discussion started by: Satyak
1 Replies
4. Shell Programming and Scripting
i have a script that will perform the following steps:
1) FTP to dir a1.Then get the ls -ltr and redirect to file a1.txt
2) FTP to dir b1.Then get the ls -ltr and redirect to file b1.txt
3) FTP to dir c1.Then get the ls -ltr and redirect to file c1.txt
What i want is how shall i achieve the... (2 Replies)
Discussion started by: ali560045
2 Replies
5. AIX
I have a HACMP 6.1 configured in a active/passive. I have 1 NIC with 3 IP address on (Boot, Persistent and Service ) . All address are routable.
One of the application on the HA cluster is also using Boot Ip to send application data.
Question : Since all the traffic is passing thru the same... (3 Replies)
Discussion started by: mk8570
3 Replies
6. AIX
how to connect to ftp server in passive mode?
ftp server.abc
and how can i see ftp settings, doesn't exist some ftpd.conf
there is some other file where i check the options and configurations of ftp server?
Thanks (3 Replies)
Discussion started by: prpkrk
3 Replies
7. IP Networking
I am using vsftp but I can't login with passive mode. I can only login with active mode. I can login with both mode when service of iptables is stop.
In active mode : 20,21 must be open from server site. 1023 and over must be open at client site.
In passive mode : only 21,1023 and over must be... (1 Reply)
Discussion started by: getrue
1 Replies
8. Debian
Hello everyone,
Could you please help me with settings of pure-ftpd.
Here is my actual solution:
I have got linux (debian 7.1 wheezy ), where I run pure-ftpd, created virtual users, folder for ftp. I also install openssl, create private certificate for tls. All seems good.
... (3 Replies)
Discussion started by: sedlis
3 Replies
LEARN ABOUT OSX
net::config
Net::Config(3pm) Perl Programmers Reference Guide Net::Config(3pm) NAME
Net::Config - Local configuration data for libnet SYNOPSYS
use Net::Config qw(%NetConfig); DESCRIPTION
"Net::Config" holds configuration data for the modules in the libnet distribution. During installation you will be asked for these values. The configuration data is held globally in a file in the perl installation tree, but a user may override any of these values by providing their own. This can be done by having a ".libnetrc" file in their home directory. This file should return a reference to a HASH containing the keys described below. For example # .libnetrc { nntp_hosts => [ "my_preferred_host" ], ph_hosts => [ "my_ph_server" ], } __END__ METHODS
"Net::Config" defines the following methods. They are methods as they are invoked as class methods. This is because "Net::Config" inherits from "Net::LocalCfg" so you can override these methods if you want. requires_firewall HOST Attempts to determine if a given host is outside your firewall. Possible return values are. -1 Cannot lookup hostname 0 Host is inside firewall (or there is no ftp_firewall entry) 1 Host is outside the firewall This is done by using hostname lookup and the "local_netmask" entry in the configuration data. NetConfig VALUES nntp_hosts snpp_hosts pop3_hosts smtp_hosts ph_hosts daytime_hosts time_hosts Each is a reference to an array of hostnames (in order of preference), which should be used for the given protocol inet_domain Your internet domain name ftp_firewall If you have an FTP proxy firewall (NOT an HTTP or SOCKS firewall) then this value should be set to the firewall hostname. If your firewall does not listen to port 21, then this value should be set to "hostname:port" (eg "hostname:99") ftp_firewall_type There are many different ftp firewall products available. But unfortunately there is no standard for how to traverse a firewall. The list below shows the sequence of commands that Net::FTP will use user Username for remote host pass Password for remote host fwuser Username for firewall fwpass Password for firewall remote.host The hostname of the remote ftp server 0 There is no firewall 1 USER user@remote.host PASS pass 2 USER fwuser PASS fwpass USER user@remote.host PASS pass 3 USER fwuser PASS fwpass SITE remote.site USER user PASS pass 4 USER fwuser PASS fwpass OPEN remote.site USER user PASS pass 5 USER user@fwuser@remote.site PASS pass@fwpass 6 USER fwuser@remote.site PASS fwpass USER user PASS pass 7 USER user@remote.host PASS pass AUTH fwuser RESP fwpass ftp_ext_passive ftp_int_passive FTP servers can work in passive or active mode. Active mode is when you want to transfer data you have to tell the server the address and port to connect to. Passive mode is when the server provide the address and port and you establish the connection. With some firewalls active mode does not work as the server cannot connect to your machine (because you are behind a firewall) and the firewall does not re-write the command. In this case you should set "ftp_ext_passive" to a true value. Some servers are configured to only work in passive mode. If you have one of these you can force "Net::FTP" to always transfer in passive mode; when not going via a firewall, by setting "ftp_int_passive" to a true value. local_netmask A reference to a list of netmask strings in the form "134.99.4.0/24". These are used by the "requires_firewall" function to determine if a given host is inside or outside your firewall. The following entries are used during installation & testing on the libnet package test_hosts If true then "make test" may attempt to connect to hosts given in the configuration. test_exists If true then "Configure" will check each hostname given that it exists perl v5.16.2 2012-08-26 Net::Config(3pm)