Working From Behind a Network Firewall

Many systems these days are located behind network firewalls that prevent inbound TCP connections. Newer FTP Clients account for this and automatically try to use the "passive data connection mode", which is usually firewall compatible. However, if you are using an older FTP Client, you may need to tell it to use passive mode. For example:

ftp> passive
Passive mode on.

In addition, your local firewall may restrict the ports to which your computer may attempt to establish outbound connections. The MSS FTP Service is configured to permit passive connections from FTP Clients on TCP ports from 49152 to 49183, inclusive. The response from the MSS FTP Service to the PASV command from the FTP Client states which passive port will be used for that specific data transfer request.
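
As an added example (not part of the original MSS documentation), this Python sketch parses a PASV reply in the standard RFC 959 "227" form and checks the announced data port against the 49152 to 49183 range stated above. The sample replies, the 192.0.2.10 address and all function names are constructed for illustration.

```python
import re

# Passive port range the page gives for the MSS FTP Service (inclusive).
PASV_PORT_MIN = 49152
PASV_PORT_MAX = 49183

# RFC 959 reply: 227 <text> (h1,h2,h3,h4,p1,p2); parentheses are optional in practice.
_PASV_RE = re.compile(r"^227[ -].*?" + ",".join([r"(\d{1,3})"] * 6))


def parse_pasv_reply(line):
    """Return (host, port) announced in a 227 reply, or raise ValueError."""
    m = _PASV_RE.match(line.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field above 255 in PASV reply: %r" % line)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high byte first
    return host, port


def port_allowed(port):
    """True if the port lies in the documented passive range."""
    return PASV_PORT_MIN <= port <= PASV_PORT_MAX


def audit(replies):
    """Map each reply line to (port, allowed), or (None, False) if unparsable."""
    results = []
    for line in replies:
        try:
            _, port = parse_pasv_reply(line)
            results.append((port, port_allowed(port)))
        except ValueError:
            results.append((None, False))
    return results


# Constructed sample replies; 192.0.2.10 is a documentation address.
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,192,5)",   # 49157, inside the range
    "227 Entering Passive Mode (192,0,2,10,192,32)",  # 49184, one past the range
    "230 User logged in.",                            # not a PASV reply
]

if __name__ == "__main__":
    for line, (port, ok) in zip(SAMPLE_REPLIES, audit(SAMPLE_REPLIES)):
        print("%-50s port=%s allowed=%s" % (line, port, ok))
```

The reply lines can be copied from the FTP Client's debug or verbose output; a port reported outside the range means the local firewall's outbound rule for 49152 to 49183 would not cover that transfer.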

Note

For connections from outside the UCAR security perimeter, the FTP control connection uses encryption, so a state tracking firewall cannot read the PASV exchange and therefore cannot dynamically adjust its rules.