OSR5 FAQ

This article is from a FAQ concerning SCO operating systems. While some of the information may be applicable to any OS, or any Unix or Linux OS, it may be specific to SCO Xenix, Open There is lots of Linux, Mac OS X and general Unix info elsewhere on this site: Search this site is the best way to find anything.

I am using the SCO Unix OSR5 ipnat, but ftp only works in passive mode.

Ian Peattie provided this:

Supposing your ipnat configuration looks like this:

 #!/bin/ksh
 MYIP=`ifconfig net0 | grep inet | awk '{ print $2 }'`
 ipnat -F
 ipnat -C
 ipnat -f - <<EOF
 map net0 192.168.200.0/24 -> $MYIP/32
 EOF
 

To add the ftp proxy, change your script to this:

  ----(start)---
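  #!/bin/ksh
  # Address of net0, the interface the map rules apply to
  MYIP=`ifconfig net0 | grep inet | awk '{ print $2 }'`
  # -F flushes the active translation table, -C clears the loaded NAT rules
  ipnat -F
  ipnat -C
  # Load the new rules; the ftp proxy rule is listed ahead of the general map rule
  ipnat -f - <<EOF
  map net0 192.168.200.0/24 -> $MYIP/32 proxy port ftp ftp/tcp
  map net0 192.168.200.0/24 -> $MYIP/32
  EOF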
  ----(end)----
 

and then re-run it.

A quick simple explanation of ftp/passive ftp for those not familiar with it:

Ftp is a little different from most protocols. When you connect to an ftp server, you connect on what's called the "Control" port. When you want to transfer a file, the ftp server opens a data connection back to you. There are two connections: one that you originated, and one that the server opened for data. And there's the problem for most firewalls: they block that data connection because it comes from outside.

Passive ftp works by the client (that's you) telling the server to use Passive mode: the client opens its own data connection, and the server uses that. The server is being "passive": it isn't actively opening connections. For your typical firewall, that's much easier: the connection originates inside the firewall, therefore it's OK (though the firewall does usually have to be told that this is OK ahead of time).

From the strict NAT side of things, where Box A is the client trying to access an ftp site on the Internet, the regular ftp session is the bitchier of the two. The passive mode is easy, but for normal ftp the NAT has to know who that data connection that suddenly comes knocking belongs to. But if it has properly mangled everything and kept track of who's doing what, it can do the magic, and it does.

But for Box A to be the server, that's upside down. Now it's the client that comes knocking, and something has to pass it to Box A. That's so whether the client wants the server to be passive or not.
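The bookkeeping described above for a client behind the NAT, as an added example (not code from the original article or from ipnat itself): a simplified Python model of how an FTP-aware NAT rewrites the client's PORT command on the control connection and remembers where the server's incoming data connection belongs. The function and class names, the public address 203.0.113.10 and the starting port 40000 are assumptions made for the illustration.

```python
import re

# "PORT h1,h2,h3,h4,p1,p2" is how an active-mode client advertises its data socket.
PORT_RE = re.compile(r"^PORT ((?:\d{1,3},){5}\d{1,3})\s*$", re.IGNORECASE)

def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if it is not a valid one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def format_port(ip, port):
    """Build the PORT command that advertises ip:port."""
    return "PORT %s,%d,%d\r\n" % (ip.replace(".", ","), port >> 8, port & 0xFF)

class FtpNatModel:
    """Simplified model of the state an FTP-aware NAT keeps for active-mode ftp."""

    def __init__(self, public_ip, first_port=40000):  # port range is an assumption
        self.public_ip = public_ip
        self.next_port = first_port
        self.expected = {}  # public port -> (inside ip, inside port)

    def outbound_control(self, client_ip, line):
        """Handle one control-channel line leaving the inside network."""
        parsed = parse_port(line)
        if parsed is None:
            return line  # not a valid PORT command: pass through unchanged
        ip, port = parsed
        if ip != client_ip:
            return None  # advertised address is not the sender's own: drop it
        public_port = self.next_port
        self.next_port += 1
        self.expected[public_port] = (ip, port)  # remember who this belongs to
        return format_port(self.public_ip, public_port)

    def inbound_data(self, public_port):
        """Return where a data connection arriving on public_port is forwarded."""
        return self.expected.pop(public_port, None)

if __name__ == "__main__":
    nat = FtpNatModel("203.0.113.10")  # constructed public address
    # Constructed control line from inside client 192.168.200.25, data port 5001
    print(repr(nat.outbound_control("192.168.200.25", "PORT 192,168,200,25,19,137\r\n")))
    print(nat.inbound_data(40000))  # the server's data connection arrives here
    print(nat.inbound_data(40001))  # nothing was announced for this port
```

Without the proxy rule, the private 192.168.200.x address goes out unmodified in the PORT command and nothing is waiting for the server's data connection, which is why only passive mode works.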


