Thread: RE: template development

user name
2007-01-17 09:26:10
Here's what's going on:

There are two modes of data transfer for FTP: Active and Passive.

Active usually works fine in situations where there are no firewalls involved because the server and the client each have to listen to a TCP port. Now that I'm at work, Active Mode is behaving because there are no firewalls between my workstation and the Bricolage server.

However, if I'm connected through a VPN from home, there IS a firewall between my workstation and the Bricolage server, so the FTP server has no way to connect to my client's open port in Active Mode. Therefore, passive mode must be used.

Passive mode involves the server opening two ports -- the control port is fixed and the same as in active mode, but the data port is a random unprivileged port > 1024. Therefore, IPTABLES must be configured accordingly. The only working configuration I discovered was opening up all ports above 1024.

Many FTP clients reasonably default to passive mode because they assume the user is sitting behind a firewall.


-----Original Message-----
From: David E. Wheeler [mailto:davidkineticode.com] 
Sent: Wednesday, January 17, 2007 1:32 AM
To: userslists.bricolage.cc
Subject: Re: template development

On Jan 16, 2007, at 7:45 PM, Beaudet, David P. wrote:

> After messing around, I finally changed mine to allow
> NEW,ESTABLISHED,RELATED ports from 2121 and above (i.e. "2121:").
> I'd prefer to lock it down to specific ports if possible. Does
> anyone know if there's a way to do that?

I *think* that Bricolage's FTP server just uses the port you specify in the FTP_PORT bricolage.conf directive, which is 2121 by default. Are you not finding that to be the case?

Best,

David
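
One way to avoid opening every port above 1024 for passive mode, as an added example that is not part of the original messages or of Bricolage: let netfilter's FTP connection-tracking helper read the control channel and admit only the data port the server announces. It assumes a current Linux kernel with the `nf_conntrack_ftp` module and an unencrypted FTP control channel; the function name `ftp_passive_rules` is hypothetical, and it only prints the rules so they can be reviewed first.

```shell
#!/bin/sh
# Added example: print (do not apply) iptables rules that admit passive-mode
# FTP data connections via connection tracking instead of a blanket "1024:".
# Assumptions: Linux netfilter, nf_conntrack_ftp available, cleartext control
# channel (the helper cannot read an encrypted one), control port given as $1.

ftp_passive_rules() {
    port="${1:-2121}"   # 2121 is the FTP_PORT default mentioned in the thread

    # Reject anything that is not a plain decimal TCP port number.
    case "$port" in
        ''|*[!0-9]*) echo "invalid port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi

    cat <<EOF
# Load the FTP helper so the kernel can parse PASV replies.
modprobe nf_conntrack_ftp
# Attach the helper explicitly to the non-standard control port.
iptables -t raw -A PREROUTING -p tcp --dport $port -j CT --helper ftp
# Control channel: new and established connections to the fixed port.
iptables -A INPUT -p tcp --dport $port -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
# Data channel: only the first packet of a connection the helper expected.
iptables -A INPUT -p tcp --dport 1024: -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
# Remaining packets of data connections already accepted above.
iptables -A INPUT -p tcp --dport 1024: -m conntrack --ctstate ESTABLISHED -j ACCEPT
EOF
}
```

After reviewing the output, it can be applied as root with `ftp_passive_rules 2121 | sh`; a new connection to a high port that no PASV reply announced then matches none of these rules.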