RE: FTP Non-Standard Ports

  • From: Scott Sandeman <sandeman@xxxxxxxxxxxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Wed, 06 Feb 2002 14:56:09 -0500

Thomas,

    Can you tell me where I can get your book in Canada? I would dearly
love to be able to get my hands on it today... and not have to wait for a
couple of days for delivery...


-- Scott

> http://www.ISAserver.org
> 
> 
> Hi Logan,
> 
> You must use the FW client method of publishing FTP servers on
> non-standard ports.
> 
> HTH,
> Tom
> www.isaserver.org/shinder <http://www.isaserver.org/shinder>
> 
> 
> -----Original Message-----
> From: Logan Ramirez [mailto:LoganRamirez@xxxxxxxxxxxxxx]
> Sent: Tuesday, February 05, 2002 10:35 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] FTP Non-Standard Ports
> 
> Does anyone know why it is so difficult to ftp to a non-standard port?
> 
> Maybe it's just me...
> 
> Back to back private DMZ setup, and FTP in both directions (from
> internal network and external network into DMZ) work perfectly on
> standard port 21 in both active and passive modes, however, when I try
> to FTP to another port, I get either 500 INVALID PORT COMMAND or
> Operation Timed Out (depending on PORT or PASV mode, respectively).
> 
> I am testing with IE 6.0 and also with command line ftp (Windows XP)
> from internal network.
> 
> I dropped a sniffer on all 3 devices, internal host, internal ISA, and
> DMZ ftp server (IIS running on Windows 2000 DC) and watched the packets
> float across, and even in true passive mode, with an 'all ports allowed'
> packet filter enabled and an 'all protocol allowed' filter, only standard
> port 21 worked.
> 
> So strange though...same testing environment, from internal host into
> DMZ, and when in passive mode I see the packets generated as such for
> port 21: (numbers made up for convenience)
> 
> client 2872 -->  server 21
> server 21 ---> client 2872 (with PORT command informing client of its
> listening data port)
> client 3154 --> server 5156
> server 5156 --> client 3154
> 
> for ftp to non-standard port, say 5153:
> client 2872 -->  server 5153
> server 5153 ---> client 2872 (with PORT command informing client of its
> listening data port)
> client 3154 --> server 5156
> No server response.  Operation timed out.
> 
> The packet is never seen on the FTP server, but what the heck is so
> different about a client making a second request to some random high
> port when its initial request was to standard FTP port 21 versus a
> client making a request to some random high port when its initial
> request was to non-standard FTP port 5153?
> 
> I tried SP1, firewall client software (may have done this incorrectly),
> making the client a secureNAT client...
> 
> Sure could use some conversation to get more ideas flowing.
> 
> Hope this finds all well.
> 
> Logan
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> tshinder@xxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')
> 
> 
> 
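
The passive-mode exchange Logan describes, replayed through a simplified stateful FTP helper (an added example, not part of the original thread and not ISA Server's implementation). It assumes a filter that only parses control sessions on its configured ports and only passes data connections it learned from a 227 reply; the class, function names and addresses are hypothetical, and the port numbers are the made-up ones from the post.

```python
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (ip, port) announced in a 227 reply, or None if it is not a valid one."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None                      # each field is a single octet
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpHelper:
    """Hypothetical stateful filter: inspects control sessions only on known ports."""
    def __init__(self, control_ports=(21,)):
        self.control_ports = set(control_ports)
        self.expected = set()            # (server_ip, data_port) pinholes opened dynamically

    def on_server_reply(self, server_port, line):
        if server_port not in self.control_ports:
            return                       # not recognised as FTP: the reply is never parsed
        endpoint = parse_pasv(line)
        if endpoint:
            self.expected.add(endpoint)

    def allow_data(self, server_ip, data_port):
        # One-shot pinhole: consumed by the first matching data connection
        if (server_ip, data_port) in self.expected:
            self.expected.discard((server_ip, data_port))
            return True
        return False                     # unknown high port: dropped, client times out

def simulate(control_port, helper_ports=(21,)):
    """Replay the exchange from the post; True if the data connection passes."""
    helper = FtpHelper(helper_ports)
    # Constructed reply: 20*256 + 36 = 5156, the data port in Logan's trace
    reply = "227 Entering Passive Mode (10,0,1,5,20,36)"
    helper.on_server_reply(control_port, reply)
    return helper.allow_data("10.0.1.5", 5156)

if __name__ == "__main__":
    for port in (21, 5153):
        print(port, "data connection allowed:", simulate(port))
```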





