Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.programming > #1256
| From | Robert Wessel <robertwessel2@yahoo.com> |
|---|---|
| Newsgroups | comp.programming |
| Subject | Re: Ideas on solving the file transfer problem |
| Message-ID | <19uhh75grild9tp9avc4tsa4m7psqs5uo6@4ax.com> (permalink) |
| References | (2 earlier) <jf9g7v$v4v$1@speranza.aioe.org> <un0hh7l9rfqg9bm4rqd5osc9po6q3ioa7t@4ax.com> <jfa1i1$9n2$1@speranza.aioe.org> <fj3hh7h4bgolireeou2ha62ne3rg4bb4tj@4ax.com> <jfanv1$jnj$1@speranza.aioe.org> |
| Organization | Forte Inc. http://www.forteinc.com/apn/ |
| Date | 2012-01-19 23:41 -0600 |
On Fri, 20 Jan 2012 03:44:33 +0000, Rui Maciel <rui.maciel@gmail.com> wrote: >Robert Wessel wrote: > >> On Thu, 19 Jan 2012 21:22:13 +0000, Rui Maciel <rui.maciel@gmail.com> >> >>>Domestic users tend to control their own firewalls. Would they be >>>affected by this? >> >> >> Well, sometimes they do. But doesn't making such a change move this >> out of the range of easy solution for the vast majority of users? >> >> But FTP ports are commonly blocked by (residential) ISPs, along with >> SMTP and a few others. You can often ask to get them unblocked. > >This isn't a problem. Port 21 may be the default port for FTP, but FTP >servers do provide a way to configure. Regarding the client, it's possible >to provide URLs to a FTP resources that specify a non-default port. > > >>>DNS wouldn't be a problem, as domain names aren't exactly necessary. NAT >>>wouldn't be a bigger problem than it already is. >> >> >> Given the two channel nature of FTP, NAT is a bigger problem than >> usual. Most firewalls that support FTP have specific code to deal >> with the data connection. PASV mode helps, but isn't usually the >> default, and is often disabled on FTP servers. > >Firewalls can be configured by the end-user to open the necessary ports. As >a last resort, it is also possible to use ports which are already opened but >attributed to other services. As I said... *sometimes* end users can configure their firewalls. And sometimes they can hack around them by using other ports. But as regards FTP, there are NAT/firewall issues in both active and PASV modes. The command channel needs to be dealt with by the NAT/firewall on the server end, which at least means setting up a forwarding, and possibly a translation rule. But at least that can be static. In "normal" active mode FTP, the client end will have to accept an incoming connection on dynamically selected port. This requires a dynamic change to the firewall/NAT rules, which most firewalls accomplish by actively monitoring the command channel looking for the PORT command from the client to the server, and then temporarily opening the appropriate incoming hole. The server end just needs outgoing access on port 20. Unfortunately, on the client side, many basic NAT/firewall devices do not handled the reverse data channel well. FTP PASV mode tries to fix that by making the client open the data channel to the server, instead of the other way around. This requires little from the NAT/firewall at the client other than letting outbound connections through. Unfortunately this moves the problem to the FTP server's firewall/NAT, which now has to understand when to open a random incoming port to the FTP server. Basically the same problem as at the client side. Now that required configuration is usually OK for "real" FTP servers, since it's not end-users setting them up, and needing to get things like static IP addresses (or dynamic DNS) going is usually not a particular difficulty for the people who *are* setting them up. So while FTP is OK for the client, the server requires a fair bit of pain that most end users are ill-equipped to shoulder. And honestly, why go through all that work dealing with the second data channel - do the file transfer via HTTP. And while that still has NAT/firewall issues at the server end, it has none of FTPs additional issues.
Back to comp.programming | Previous | Next — Previous in thread | Next in thread | Find similar
Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-15 17:17 +0000
Re: Ideas on solving the file transfer problem "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> - 2012-01-15 18:35 +0100
Re: Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-15 18:07 +0000
Re: Ideas on solving the file transfer problem "Dmitry A. Kazakov" <mailbox@dmitry-kazakov.de> - 2012-01-15 20:19 +0100
Re: Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-15 19:42 +0000
Re: Ideas on solving the file transfer problem Willem <willem@toad.stack.nl> - 2012-01-15 19:15 +0000
Re: Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-15 20:10 +0000
Re: Ideas on solving the file transfer problem Leif Roar Moldskred <leifm@dimnakorr.com> - 2012-01-18 09:16 -0600
Re: Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-19 16:26 +0000
Re: Ideas on solving the file transfer problem Robert Wessel <robertwessel2@yahoo.com> - 2012-01-19 14:59 -0600
Re: Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-19 21:22 +0000
Re: Ideas on solving the file transfer problem Robert Wessel <robertwessel2@yahoo.com> - 2012-01-19 15:54 -0600
Re: Ideas on solving the file transfer problem root <NoEMail@home.org> - 2012-01-19 22:20 +0000
Re: Ideas on solving the file transfer problem Robert Wessel <robertwessel2@yahoo.com> - 2012-01-19 17:43 -0600
Re: Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-20 04:22 +0000
Re: Ideas on solving the file transfer problem Robert Wessel <robertwessel2@yahoo.com> - 2012-01-19 23:43 -0600
Re: Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-20 12:59 +0000
Re: Ideas on solving the file transfer problem Geoff <geoff@invalid.invalid> - 2012-01-20 02:41 -0800
Re: Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-20 12:45 +0000
Re: Ideas on solving the file transfer problem Geoff <geoff@invalid.invalid> - 2012-01-20 15:41 -0800
Re: Ideas on solving the file transfer problem root <NoEMail@home.org> - 2012-01-21 00:18 +0000
Re: Ideas on solving the file transfer problem Geoff <geoff@invalid.invalid> - 2012-01-20 16:41 -0800
Re: Ideas on solving the file transfer problem Robert Wessel <robertwessel2@yahoo.com> - 2012-01-20 18:44 -0600
Re: Ideas on solving the file transfer problem Geoff <geoff@invalid.invalid> - 2012-01-20 15:43 -0800
Re: Ideas on solving the file transfer problem Robert Wessel <robertwessel2@yahoo.com> - 2012-01-20 18:34 -0600
Re: Ideas on solving the file transfer problem "Chris Uppal" <chris.uppal@metagnostic.REMOVE-THIS.org> - 2012-01-21 10:21 +0000
Re: Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-20 03:59 +0000
Re: Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-20 03:44 +0000
Re: Ideas on solving the file transfer problem Robert Wessel <robertwessel2@yahoo.com> - 2012-01-19 23:41 -0600
Re: Ideas on solving the file transfer problem Ian Collins <ian-news@hotmail.com> - 2012-01-20 14:07 +1300
Re: Ideas on solving the file transfer problem blp@cs.stanford.edu (Ben Pfaff) - 2012-01-19 18:20 -0800
Re: Ideas on solving the file transfer problem Leif Roar Moldskred <leifm@dimnakorr.com> - 2012-01-19 20:33 -0600
Re: Ideas on solving the file transfer problem Rui Maciel <rui.maciel@gmail.com> - 2012-01-20 04:08 +0000
csiph-web