Re: FTP thru NATd address

From: Paul Lynch (paul.lynch_at_nospam.com)
Date: 04/14/04


Date: Wed, 14 Apr 2004 17:13:14 +0100

On Wed, 14 Apr 2004 15:55:19 GMT, alun@texis.invalid (Alun Jones [MS
MVP]) wrote:

>Paul, I don't think this is the first time I've had to tell you that this
>advice is just plain wrong.
>
>Port 20 is the source port used for outgoing connections from the server to
>the client.
I know it is.

>As such, it does not need to be "opened" in NATs or firewalls, unless the
>NAT or firewall is the sort that restricts outgoing connections from being
>made. If it is this sort of NAT / firewall, you will need to specify
>whether it's inbound or outbound.
I thought it was clear from the context of the original post. Maybe
not. Point taken though.

>I really need you to be specific about this in the future - while I do have
>some plans to propose FTP extensions that will use _inbound_ connections to
>port 20, there is currently nothing that uses port 20 inbound to the
>server.
>
>Alun.
>~~~~

I thought the OP was quite specific in his request and it appeared to
me that his NAT/router was blocking port 20 *from* his server to the
outside world.

He seems to have got his connections working, although I take your
point that he could now have port 20 wide open to the world as a
result.

Ping, if you are reading this, please take the Shields Up test
(http://www.grc.com/default.htm) and check that you don't have port 20
open on your internet-facing connection. If you do, you should close it,
as it doesn't need to be open for inbound connections to your
FTP server.

Regards,

Paul Lynch
MCSE
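
The direction of the active-mode data connection discussed in this thread, as an added example that is not part of the original post: a loopback sketch in which the client advertises a listening port via a PORT argument and the server connects out from its data port. Assumptions: an unprivileged ephemeral port stands in for port 20, and the function names are hypothetical.

```python
import socket

def format_port_arg(host, port):
    """Encode host/port as the h1,h2,h3,h4,p1,p2 argument of an FTP PORT command."""
    return ",".join(host.split(".") + [str(port >> 8), str(port & 0xFF)])

def parse_port_arg(arg):
    """Decode a PORT argument back into (host, port), rejecting malformed input."""
    parts = [int(x) for x in arg.split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]

def active_mode_demo():
    """Run one active-mode data transfer on loopback and report who connected to whom."""
    client_listener = socket.socket()   # client side: the only listening socket
    server_data = socket.socket()       # server side: outbound data socket
    probe = socket.socket()             # checks for a listener on the data port
    conn = None
    try:
        for s in (client_listener, server_data, probe):
            s.settimeout(5)
        client_listener.bind(("127.0.0.1", 0))
        client_listener.listen(1)
        port_arg = format_port_arg(*client_listener.getsockname())

        # Server: bind the data socket's SOURCE port (stand-in for 20, an
        # assumption to avoid needing root), then connect OUT to the client.
        host, port = parse_port_arg(port_arg)
        server_data.bind(("127.0.0.1", 0))
        data_src_port = server_data.getsockname()[1]
        server_data.connect((host, port))
        conn, peer = client_listener.accept()
        conn.settimeout(5)
        server_data.sendall(b"constructed file data")
        received = conn.recv(1024)

        # While the transfer is live, nothing accepts connections on the data port.
        listening = probe.connect_ex(("127.0.0.1", data_src_port)) == 0
        return {"port_arg": port_arg, "data_src_port": data_src_port,
                "peer_port_seen_by_client": peer[1], "received": received,
                "listener_on_data_port": listening}
    finally:
        for s in (conn, probe, server_data, client_listener):
            if s is not None:
                s.close()

if __name__ == "__main__":
    print(active_mode_demo())
```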


