HP-UX IPFilter v18.21 Administrator Guide HP-UX 11i v3 (761995-001, March 2014)

12 HP-UX IPFilter and FTP
CAUTION: NAT and FTP are incompatible. If you are using FTP on your IPFilter system, do not
use NAT rules.
FTP basics
FTP is a user-level protocol for transferring files between host computers.
An FTP session involves two separate connections:
Control connection
1. The server listens for client connections on port 21.
2. The client opens a connection to server port 21 from a client port above 1023.
3. The client uses this connection to send commands to, and receive replies from, the server.
This connection lasts through the FTP session.
Data connection
The data connection is used for transferring data between the client and server. A new data
connection is opened for each FTP command. The way the data connection is created depends
on the type of FTP session—active or passive.
In active FTP, the client actively opens a connection to the FTP server at port 21. It uses a port
number in the dynamic port range (by default, a number greater than 1023) as the port for the
control connection. The client then opens a new port (passive open) as the data port and sends
this port number across to the server using the PORT command. The server then opens a data
connection (active open) to the data port specified in the PORT command of the client. The server
uses port 20 as the data connection port.
In passive FTP, the control connection is established the same as it is in active FTP. In passive FTP,
to establish a data connection the server opens an arbitrary data port in the dynamic port range.
It uses the FTP PASV command to send the data port number to the client. The client connects to
the port specified by the PASV command and uses a different port in the dynamic port range as
the data port.
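The following added example (not part of the HP guide) shows what a packet filter must learn from the control connection to allow the matching data connection: it decodes the h1,h2,h3,h4,p1,p2 field (RFC 959 encoding) of a PORT command or of the server's 227 reply to PASV, and reports who opens the data connection and to which port. The function names, the addr_matches_peer sanity flag, and the sample addresses are assumptions made for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2: four address octets, then the port as two bytes (RFC 959).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field; raise ValueError if bad."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field in %r" % text)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in %r" % text)
    port = nums[4] * 256 + nums[5]
    if port <= 1023:  # the guide places data ports above 1023
        raise ValueError("data port %d is not above 1023" % port)
    return ".".join(map(str, nums[:4])), port

def data_flow(line, client_ip, server_ip):
    """Describe the data connection announced by one control-connection line.

    Returns None when the line carries no data port. A source port of None
    means "any port in the dynamic range".
    """
    line = line.strip()
    if line.upper().startswith("PORT "):
        ip, port = parse_hostport(line[5:])
        # Active FTP: the server opens the connection from port 20.
        return {"mode": "active", "src": (server_ip, 20), "dst": (ip, port),
                "addr_matches_peer": ip == client_ip}
    if line.startswith("227 "):
        ip, port = parse_hostport(line[4:])
        # Passive FTP: the client opens the connection from a dynamic port.
        return {"mode": "passive", "src": (client_ip, None), "dst": (ip, port),
                "addr_matches_peer": ip == server_ip}
    return None

# Constructed sample session (documentation addresses, not from the guide).
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"
SAMPLE = ["USER anonymous", "PORT 192,0,2,10,195,80",
          "227 Entering Passive Mode (198,51,100,5,234,96)"]

if __name__ == "__main__":
    for entry in SAMPLE:
        print(entry, "->", data_flow(entry, CLIENT, SERVER))
```
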
WU-FTPD on HP-UX
The HP implementation of the FTP daemon for HP-UX 11i core networking is based on the WU-FTPD
daemon, version 2.4. Additional security corrections have been added to WU-FTPD 2.6.1. HP
recommends upgrading to WU-FTPD 2.6.1 for enhanced security.
For systems on HP-UX 11.0, you can upgrade to WU-FTPD 2.6.1 from either the legacy FTP version
that is delivered with the core networking products on 11.0, or from WU-FTPD 2.4, which has
been made available as the patch PHNE_21936.
WU-FTPD 2.6.1 is downloadable from the HP Software Depot for systems running HP-UX 11.0 or
HP-UX 11i v1:
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=3DWUFTPD26
WU-FTPD 2.6.1 is a core product on HP-UX 11i v2.
Running an FTP server
This section describes active FTP and passive FTP server setup.