FTP, proxies, firewalls (was: Fedora ftp install without a name server?)

[Ben Scott]

On 3/23/06, John Abreau <jabr at blu.org> wrote:
> Just a minor nit; PASV mode wasn't invented to deal with firewalls; if I
> recall correctly, it was part of the ftp spec early on, and its intended
> purpose was for server-to-server transfers.

  Ah.  Interesting.  I stand corrected.

On 3/23/06, Jason Stephenson <jason at sigio.com> wrote:
> IE also seems to do all FTP in the normal way, thus it not working
> through my firewall/NAT.

  Some versions of MSIE have a knob for this.  Tools -> Options ->
Advanced -> Browsing -> Use Passive Mode.

> I supposedly configured the FTP proxy on my firewall, but I'm not sure
> why it isn't working.

  When you mix FTP with proxies, things get really complicated.  It
can mean the FTP client uses a SOCKS proxy to open TCP connections to
the outside world.  It can mean the FTP client uses an HTTP proxy and
the CONNECT method to open TCP connections to the outside world (you
need PASV for this, since there is no way to have an HTTP proxy listen
on behalf of a client).  It can mean an HTTP client (web browser) uses
HTTP to talk to an HTTP proxy, submit GET and PUT of FTP URLs, so the
proxy server itself does FTP, but then the proxy server returns the
result to the HTTP client using HTTP and HTML.  Or it can mean one of
several mutually incompatible FTP proxy protocols which have nothing
to do with SOCKS or HTTP.

  And none of that even touches on IP-layer NAT/masquerading/etc.

  Are we sufficiently confused yet?

> Perhaps, an upgrade or a switch to a different firewall software is in order.

  What are you using now?

-- Ben