Firewall Issue - Protocols


Thread: Firewall Issue

  1. Firewall Issue

    We are trying to FTP a file from a client's PC using K95 2.0.1 to our
    FTP server. We have been unable to get through their firewall. Their
    network people have investigated and say that it appears the Kermit
    software is using random high ports, which are not allowed through their
    (RFS) firewall. They think there should be some script settings I
    could change to limit the ports. I've tried the /ACTIVE-/PASSIVE
    switches, but no luck. Any idea what those settings are or where else
    to look?

    I am not a firewall or FTP expert, but we've used this same script at
    other clients without any problems.

  2. Re: Firewall Issue

    The port numbers for passive ftp data connections are selected
    by the FTP server. If there are options to specify a range
    of ports, it will be on the server.



    Don L wrote:

    > We are trying to FTP a file from a client's PC using K95 2.0.1 to our
    > FTP server. We have been unable to get through their firewall. Their
    > network people have investigated and say that it appears the Kermit
    > software is using random high ports, which are not allowed through their
    > (RFS) firewall. They think there should be some script settings I
    > could change to limit the ports. I've tried the /ACTIVE-/PASSIVE
    > switches, but no luck. Any idea what those settings are or where else
    > to look?
    >
    > I am not a firewall or FTP expert, but we've used this same script at
    > other clients without any problems.


    --
    -----------------
    This e-mail account is not read on a regular basis.
    Please send private responses to jaltman at mit dot edu

  3. Re: Firewall Issue

    I'm waiting for some clarification on what they mean by "random high
    ports", but I suspect they are talking about the command and data
    ports the client PC is selecting and not those of the FTP server. If
    my understanding is correct, the client PC can randomly assign its own
    command and data ports.

    If this is the case (they are talking about the client PC's ports), is
    there a way to assign the command and data ports of the client PC
    using Kermit?

    Jeffrey Altman wrote in message news:<41238A69.4070205@nyc.rr.com>...
    > The port numbers for passive ftp data connections are selected
    > by the FTP server. If there are options to specify a range
    > of ports, it will be on the server.
    >
    >
    >
    > Don L wrote:
    >
    > > We are trying to FTP a file from a client's PC using K95 2.0.1 to our
    > > FTP server. We have been unable to get through their firewall. Their
    > > network people have investigated and say that it appears the Kermit
    > > software is using random high ports, which are not allowed through their
    > > (RFS) firewall. They think there should be some script settings I
    > > could change to limit the ports. I've tried the /ACTIVE-/PASSIVE
    > > switches, but no luck. Any idea what those settings are or where else
    > > to look?
    > >
    > > I am not a firewall or FTP expert, but we've used this same script at
    > > other clients without any problems.


  4. Re: Firewall Issue

    FTP works this way. The server has a standard port for command
    channels, port 21. The client allocates a random port number to
    use when making a connection and then connects to port 21. If the
    client does not randomize its port number then it would be impossible
    for two processes on the same machine to connect to the same FTP
    server.

    The data connection depends entirely on which side is being the
    acceptor. In the original "active" model, the client allocates
    a random port number and offers it to the server. The server
    then uses port 20 to connect to the client's port.

    This does not work through firewalls and NATs. Therefore, the passive
    model was developed. In the passive model, the server allocates a
    random port and publishes it to the client. The client then allocates
    a random port number and connects to the server. The reason the client
    uses a random value is because the server may have a small number of
    reused ports.

    Kermit defaults to the passive model as does almost every other current
    FTP client. FTP servers are assumed to be in public space; the FTP
    client is assumed to be in private space given the current Internet
    architecture.

    Jeffrey Altman


    Don L wrote:

    > I'm waiting for some clarification on what they mean by "random high
    > ports", but I suspect they are talking about the command and data
    > ports the client PC is selecting and not those of the FTP server. If
    > my understanding is correct, the client PC can randomly assign its own
    > command and data ports.
    >
    > If this is the case (they are talking about the client PC's ports), is
    > there a way to assign the command and data ports of the client PC
    > using Kermit?



  5. Re: Firewall Issue

    in comp.protocols.kermit.misc i read:

    >The client then allocates a random port number and connects to the server.


    and in particular it is not kermit (or the ftp server code) that is
    choosing the port number; the tcp protocol stack provided by the system
    makes the choice. this can often be configured to use a particular range,
    e.g., some systems use 1024 and above, others will use only the dynamic
    range (49152 to 65535), while still others use a range selected by the
    system administration. so perhaps the client can be tuned to use something
    which the firewall admins will find more appealing.

    --
    a signature
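
The active and passive models from reply 4 and the point in reply 5 that the TCP stack picks the client's source port, as an added example that is not part of the original thread. The function names are hypothetical and the control-channel lines are constructed samples using documentation addresses; the `h1,h2,h3,h4,p1,p2` field follows RFC 959.

```python
import re
import socket

# Six comma-separated bytes: h1,h2,h3,h4,p1,p2 (RFC 959); port = p1*256 + p2.
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Extract (ip, port) from a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in: %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_connection(line):
    """Describe the data connection a control-channel line sets up."""
    ip, port = parse_hostport(line)
    if line.startswith("227"):           # passive: server listens, client connects
        return {"mode": "passive", "initiator": "client",
                "src_port": "chosen by client OS", "dst": (ip, port)}
    if line.upper().startswith("PORT"):  # active: client listens, server connects
        return {"mode": "active", "initiator": "server",
                "src_port": 20, "dst": (ip, port)}
    raise ValueError("not a PORT command or 227 reply: %r" % line)

def os_chosen_source_ports(count=2):
    """Source ports the TCP stack assigns to `count` unbound client sockets."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick the listen port
    listener.listen(count)
    clients, ports = [], []
    try:
        for _ in range(count):
            c = socket.create_connection(listener.getsockname())
            clients.append(c)            # keep open so the ports must differ
            ports.append(c.getsockname()[1])
    finally:
        for c in clients:
            c.close()
        listener.close()
    return ports

if __name__ == "__main__":
    # Constructed control-channel lines, not captured from a real session.
    print(data_connection("227 Entering Passive Mode (192,0,2,10,195,80)"))
    print(data_connection("PORT 198,51,100,7,4,1"))
    print(os_chosen_source_ports())
```

For a firewall rule, the `dst` port is the value to match: in passive mode it comes from the server's configured range, while the client-side source port varies with each connection.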
