HP-UX IPFilter Version 16 Administrator's Guide
11 HP-UX IPFilter and FTP
This chapter describes how to filter FTP services. It contains the following sections:
• “FTP Basics” (page 99)
• “WU-FTPD on HP-UX” (page 99)
• “Running an FTP Server” (page 100)
• “Running an FTP Client” (page 100)
CAUTION: NAT and FTP are incompatible. If you are using FTP on your IPFilter system, do
not use NAT rules.
FTP Basics
The File Transfer Protocol (FTP) is a user-level protocol for transferring files between host
computers.
An FTP session involves two separate connections:
• Control connection
1. The server listens for client connections on port 21.
2. The client opens a connection to the server port 21 on a client port above 1023.
3. The client uses this connection to send commands to, and receive replies from, the
server.
This connection lasts through the FTP session.
• Data connection
The data connection is used for transferring data between the client and server. A new data
connection is opened for each FTP command. The way the data connection is created depends
on the type of FTP session—active or passive.
In active FTP, the client actively opens a connection to the FTP server at port 21. It uses a port
number in the dynamic port range (by default, a number greater than 1023) as its port for the
control connection. The client then opens a new port (passive open) as its data port and sends
this port number across to the server using the PORT command. The server then opens a data
connection (active open) to the data port specified in the PORT command of the client. The server
uses port 20 as its data connection port.
In passive FTP, the control connection is established the same way as in active FTP. To establish
a data connection, the server opens an arbitrary data port in the dynamic port range and, in its
reply to the FTP PASV command from the client, sends that data port number to the client. The client
connects to the port given in the PASV reply, using a different port in the dynamic port range as its
data port.
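The following Python model is an added illustration of the two connections described above (it is not code from the HP-UX IPFilter guide). It decodes the h1,h2,h3,h4,p1,p2 endpoint carried by the PORT command and by the 227 reply to PASV, and lists which side opens each connection in active and passive mode, which is exactly what a packet filter needs to know. The hosts, ports and FTP messages in it are constructed sample values, and the sanity checks (port above 1023, announced host equal to the control-connection peer) are the checks an FTP-aware filter or proxy would apply, not anything the guide specifies.

```python
"""Model of the two connections in an FTP session (control and data) for the
active and passive cases described above.  Added illustration, not code from
the HP-UX IPFilter guide; hosts, ports and messages are constructed samples."""

from dataclasses import dataclass
import re

FTP_CONTROL_PORT = 21       # server listens here
FTP_ACTIVE_DATA_PORT = 20   # server's source port for active-mode data connections
DYNAMIC_PORT_MIN = 1024     # "above 1023" in the text


@dataclass(frozen=True)
class Flow:
    """One TCP connection the packet filter has to admit, initiator listed first."""
    src_host: str
    src_port: int
    dst_host: str
    dst_port: int
    opened_by: str  # "client" or "server"


_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_host_port(text):
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and by the 227 reply to PASV."""
    m = _TUPLE.search(text)
    if m is None:
        raise ValueError(f"no h1,h2,h3,h4,p1,p2 tuple in {text!r}")
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError(f"octet out of range in {text!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def _check_announced(host, port, expected_host):
    """Sanity checks an FTP-aware filter or proxy applies to an announced data
    endpoint: the port must be in the dynamic range, and the host must be the
    peer that announced it (a data connection to a third host is refused)."""
    if port < DYNAMIC_PORT_MIN:
        raise ValueError(f"announced data port {port} is not above 1023")
    if host != expected_host:
        raise ValueError(f"announced host {host} is not the control peer {expected_host}")


def control_flow(client, client_port, server):
    """Client opens the control connection from a dynamic port to server port 21."""
    if client_port < DYNAMIC_PORT_MIN:
        raise ValueError("client control port must be above 1023")
    return Flow(client, client_port, server, FTP_CONTROL_PORT, "client")


def active_data_flow(client, server, port_command):
    """Active FTP: the client announces its data port with PORT and the server
    connects to it from port 20, so the filter must admit an inbound connection
    to the client."""
    host, port = parse_host_port(port_command)
    _check_announced(host, port, expected_host=client)
    return Flow(server, FTP_ACTIVE_DATA_PORT, host, port, "server")


def passive_data_flow(client, client_data_port, server, pasv_reply):
    """Passive FTP: the server announces a dynamic port in its 227 reply and the
    client connects to it from another dynamic port, so only an outbound
    connection from the client is needed."""
    host, port = parse_host_port(pasv_reply)
    _check_announced(host, port, expected_host=server)
    if client_data_port < DYNAMIC_PORT_MIN:
        raise ValueError("client data port must be above 1023")
    return Flow(client, client_data_port, host, port, "client")


def session_flows(mode):
    """Return the connections of one constructed sample session in the given mode."""
    client, server = "192.0.2.10", "198.51.100.5"   # constructed sample addresses
    flows = [control_flow(client, 40001, server)]
    if mode == "active":
        # constructed PORT command: data port 4*256+1 = 1025 on the client
        flows.append(active_data_flow(client, server, "PORT 192,0,2,10,4,1"))
    elif mode == "passive":
        # constructed 227 reply: data port 195*256+80 = 50000 on the server
        flows.append(passive_data_flow(client, 40002, server,
                                       "227 Entering Passive Mode (198,51,100,5,195,80)"))
    else:
        raise ValueError(f"unknown mode {mode!r}")
    return flows


if __name__ == "__main__":
    for mode in ("active", "passive"):
        print(mode)
        for f in session_flows(mode):
            print(f"  {f.opened_by:6} opens {f.src_host}:{f.src_port} -> {f.dst_host}:{f.dst_port}")
```

Running the block prints the connections of the two sample sessions. The point it makes for filtering is visible in the `opened_by` field: in active mode the second connection is opened by the server towards a dynamic port on the client, while in passive mode both connections are opened by the client, which is why the two modes need different rules on each side.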
WU-FTPD on HP-UX
The HP implementation of the FTP daemon for HP-UX 11i core networking is based on the
WU-FTPD daemon, version 2.4. Additional security corrections have been added in WU-FTPD
2.6.1. HP recommends upgrading to WU-FTPD 2.6.1 for enhanced security.
For systems on HP-UX 11.0, you can upgrade to WU-FTPD 2.6.1 from either the legacy FTP
version that is delivered with the core networking products on 11.0, or from WU-FTPD 2.4, which
has been made available as the patch PHNE_21936.
WU-FTPD 2.6.1 is downloadable from the HP Software Depot for systems running HP-UX 11.0
or HP-UX 11i v1. The URL is
http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=WUFTPD26.
FTP Basics 99