Using the built-in FTP server and IPFW (firewall)
Authored by: diamondsw on Aug 11, '03 11:50:53AM

Does this apply to server or client? The client FTP server is clearly lukemftpd, and will identify itself as such.

Meanwhile, there are more bugs in passive FTP. I have the port range limited to 10 ports so I can tunnel FTP through SSH. Each time you get a directory listing, transfer a file, etc., it opens a new port. The problem is that lukemftpd doesn't close these ports properly and very quickly uses all of the ports available to it. All further directory listings and transfers fail. The only solution I found was to give up on it and install pure-ftpd, which I can highly recommend.



Using the built-in FTP server and IPFW (firewall)
Authored by: Mr.D on Aug 11, '03 04:34:27PM

It's mainly for the server version; the client version has a different correct IPFW config which lets the whole 1024-65534 pasv port range through.

After having a look at a client version, it does seem that it contains a different FTP server. But looking in the man ftp.conf, this version does also support locking down the IP port range for passive FTP file transfers with the command portrange class min max.
So it would seem that this hint could be used on a client version too; the general idea is the same (but I haven't tested it).

The other problems you talk about I haven't come across yet. It couldn't be you have some corrupted file which is part of ftpd?



Using the built-in FTP server and IPFW (firewall)
Authored by: peterneillewis on Aug 12, '03 05:24:20AM

Are you sure the FTP server is not closing ports, or is it just the one to four minute TIME_WAIT state that a port goes into after it is closed before it can be opened again?

See section 2.7 of this FAQ for information on TIME_WAIT:

http://unlser1.unl.csi.cuny.edu/faqs/sock-faq/html/unix-socket-faq-2.html

Enjoy



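The TIME_WAIT question raised in this thread can be reproduced on loopback. The following is an added example, not code from any poster and not lukemftpd's: a server that closes each data connection first leaves that passive port in TIME_WAIT, so a 10-port range bound without SO_REUSEADDR serves 10 transfers and then fails. All function names and the loopback setup are assumptions; the thread does not say whether lukemftpd sets SO_REUSEADDR.

```python
import socket

HOST = "127.0.0.1"  # loopback stand-in for the FTP server (assumption)

def free_ports(n):
    """Pick n currently unused ports to stand in for the passive range."""
    socks = [socket.socket() for _ in range(n)]
    for s in socks:
        s.bind((HOST, 0))
    ports = [s.getsockname()[1] for s in socks]
    for s in socks:
        s.close()  # never connected, so no TIME_WAIT is left behind
    return ports

def pasv_listener(ports, reuse):
    """Bind the first port in the range that the kernel will hand out."""
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        if reuse:
            s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        try:
            s.bind((HOST, port))
            s.listen(1)
            return s
        except OSError:  # EADDRINUSE: port still held by an old connection
            s.close()
    return None

def transfer(listener):
    """One data connection; the server closes first, as after a listing."""
    client = socket.create_connection(listener.getsockname())
    conn, _ = listener.accept()
    conn.sendall(b"drwxr-xr-x  pub\r\n")  # constructed sample payload
    conn.close()      # active close: the server side ends up in TIME_WAIT
    listener.close()
    while client.recv(4096):  # drain to EOF, then complete the close
        pass
    client.close()

def completed_transfers(attempts, range_size=10, reuse=False):
    """Count transfers served before the passive range runs out of ports."""
    ports = free_ports(range_size)
    done = 0
    for _ in range(attempts):
        listener = pasv_listener(ports, reuse)
        if listener is None:
            break  # every port in the range is tied up: PASV would fail
        transfer(listener)
        done += 1
    return done
```

Calling `completed_transfers(12)` stops at 10, while `completed_transfers(12, reuse=True)` completes all 12; on a live server, `netstat -an` showing the passive ports in TIME_WAIT rather than LISTEN or ESTABLISHED distinguishes this from sockets that were never closed.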