APLawrence.com -  Resources for Unix and Linux Systems, Bloggers and the self-employed


Some material is very old and may be incorrect today

© December 2003 (various)

This article is from a FAQ concerning SCO operating systems. While some of the information may be applicable to any OS, or any Unix or Linux OS, it may be specific to SCO Xenix, Open There is lots of Linux, Mac OS X and general Unix info elsewhere on this site: Search this site is the best way to find anything.

I am using the SCO Unix OSR5 ipnat, but ftp only works in passive mode.

Ian Peattie provided this:

Supposing your ipnat configuration looks like this:

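  # Find the IP address currently assigned to net0
  MYIP=`ifconfig net0 | grep inet | awk '{ print $2 }'`
  # Flush active NAT mappings (-F) and clear the loaded NAT rules (-C)
  ipnat -F
  ipnat -C
  # Load the new rules from standard input
  ipnat -f - <<EOF
  map net0 -> $MYIP/32
  EOF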

To add the ftp proxy, change your script to this:

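  # Find the IP address currently assigned to net0
  MYIP=`ifconfig net0 | grep inet | awk '{ print $2 }'`
  # Flush active NAT mappings (-F) and clear the loaded NAT rules (-C)
  ipnat -F
  ipnat -C
  # Keep the ftp proxy rule ahead of the plain map rule, as shown:
  # ipnat uses the first rule that matches
  ipnat -f - <<EOF
  map net0 -> $MYIP/32 proxy port ftp ftp/tcp
  map net0 -> $MYIP/32
  EOF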

and then re-run it.

A quick simple explanation of ftp/passive ftp for those not familiar with it:

Ftp is a little different than most protocols. When you connect to an ftp server, you connect on what's called the "Control" port. When you want to transfer a file, the ftp server opens a data connection back to you. There are two connections: one that you originated, and one that the server opened for data. And there's the problem for most firewalls: they block that data connection because it comes from outside.

Passive ftp works by the client (that's you) telling the server to use Passive mode: the client opens its own data connection, and the server uses that. The server is being "passive"; it isn't actively opening connections. For your typical firewall, that's much easier: the connection originates inside the firewall, therefore it's OK (though the firewall does usually have to be told that this is OK ahead of time).

From the strict NAT side of things, where Box A is the client trying to access an ftp site on the Internet, the regular ftp session is the bitchier of the two. Passive mode is easy, but for normal ftp the NAT has to know who that data connection that suddenly comes knocking belongs to. But if it has properly mangled everything and kept track of who's doing what, it can do the magic, and it does.

But for Box A to be the server, that's upside down. Now it's the client that comes knocking, and something has to pass it to Box A. That's so whether the client wants the server to be passive or not.
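What "kept track of who's doing what" involves for a client behind NAT, as an added example (not part of the original FAQ and not ipnat's own code): in normal (active) mode the client announces its data address in a PORT command (RFC 959), so the NAT must rewrite that command and remember the mapping for the server's incoming data connection. The class name, port range and addresses are constructed for illustration.

```python
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" = IPv4 octets, then port high and low byte.
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$", re.I)


class FtpNatHelper:
    """Toy model (hypothetical class) of a NAT box tracking active-mode FTP."""

    def __init__(self, public_ip, first_port=40000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.expected = {}  # public port -> (inside ip, inside port, server ip)

    def outbound_control(self, client_ip, server_ip, line):
        """Rewrite a PORT command leaving the inside network.

        Returns the line to forward, or None if it should be dropped."""
        m = PORT_RE.match(line)
        if not m:
            return line  # not a PORT command: forward unchanged
        nums = [int(g) for g in m.groups()]
        inside_ip = ".".join(str(n) for n in nums[:4])
        # Only map back to the host that sent the command, so a client
        # cannot make the NAT forward data to some other inside machine.
        if max(nums) > 255 or inside_ip != client_ip:
            return None
        inside_port = nums[4] * 256 + nums[5]
        public_port, self.next_port = self.next_port, self.next_port + 1
        self.expected[public_port] = (inside_ip, inside_port, server_ip)
        hi, lo = divmod(public_port, 256)
        arg = "%s,%d,%d" % (self.public_ip.replace(".", ","), hi, lo)
        return b"PORT " + arg.encode("ascii") + b"\r\n"

    def inbound_data(self, src_ip, dst_port):
        """Return (inside ip, inside port) for an expected data connection,
        or None when nothing inside asked for it (the firewall blocks it)."""
        entry = self.expected.get(dst_port)
        if entry is None or entry[2] != src_ip:
            return None
        del self.expected[dst_port]  # one data connection per PORT command
        return entry[0], entry[1]


if __name__ == "__main__":
    # Constructed addresses: inside client, Internet server, NAT's public IP.
    nat = FtpNatHelper("203.0.113.5")
    print(nat.outbound_control("192.168.1.10", "198.51.100.20", b"PORT 192,168,1,10,4,1\r\n"))
    print(nat.inbound_data("198.51.100.20", 40000))
```

Without the rewrite, the server would be told to connect to the client's private address, which is why a plain map rule alone leaves only passive mode working.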
