Re: IP MASQUERADING broken again from v1.3.81 onwards

Jos Vos
Fri, 05 Apr 1996 14:55:30 +0200

> port 20 is ftp-data, but this port is not used even if you do *not* use
> a firewall. the client and the server negotiate which port to use
> by using the PORT command, part of the ftp-protocol.

Yes, but port 20 is normally used as remote port for the ftp-data
connection going to that local (negotiated) port. So that's why you
will normally see it listed using ipfwadm -Mln.

> you can *NEVER* ftp through a "closed" firewall except when using
> passive mode, see the PASV command, part of the ftp-protocol.

This depends on your definition of a "closed" firewall. The special
treatment of the FTP PORT command *does* allow you to use it in
combination with IP masquerading, *without* using passive mode.

