it's a good idea to do this:

wget --passive-ftp

for more and more sites. Probably a good default.

ron

-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Xen-devel mailing list
Xen-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/xen-devel

> it's a good idea to do this:
>
> wget --passive-ftp
>
> for more and more sites. Probably a good default.

I always forget which end the passive is with respect to: If I use the passive-ftp directive, does it work if I'm behind a dumb NAT box or outgoing-connections-only firewall? (i.e. I need to initiate both connections)

I guess that's the most common case for most users.

Ian

On Mon, Jul 12, 2004 at 07:31:56PM +0100, Ian Pratt wrote:
> I always forget which end the passive is with respect to: If I
> use the passive-ftp directive, does it work if I'm behind a dumb
> NAT box or outgoing-connections-only firewall? (i.e. I need to
> initiate both connections)
>
> I guess that's the most common case for most users.

Normally the ftp client makes an outgoing connection on command port 21, then the server calls it back from port 20 to send it the file. Passive mode makes the server wait on port 20 for the client instead, which makes it much more useful for such dumb NAT boxes.

Of course:

- there aren't many NAT boxes remaining that are *that* dumb. ftp NAT is pretty much standard nowadays.

- http is an all-around better protocol for (literally!) everything, so if you're just downloading stuff, use http instead. It uses only one port, doesn't need a passive mode at all, can pipeline requests to reduce latency, and most http servers are non-forking so they can handle a higher load.

Have fun,

Avery

On Mon, 12 Jul 2004, Ian Pratt wrote:
> I always forget which end the passive is with respect to: If I
> use the passive-ftp directive, does it work if I'm behind a dumb
> NAT box or outgoing-connections-only firewall? (i.e. I need to
> initiate both connections)

passive will work where non-passive will fail. Passive ftp will work behind outgoing-connections-only firewalls.

ron

On Mon, 12 Jul 2004, Avery Pennarun wrote:
> - http is an all-around better protocol for (literally!) everything, so if
>   you're just downloading stuff, use http instead. It uses only one port,
>   doesn't need a passive mode at all, can pipeline requests to reduce
>   latency, and most http servers are non-forking so they can handle a
>   higher load.

that's the real answer. But if you ever need ftp, it ought to be passive, not because of dumb NATs but because of security rules now in effect at many sites.

ron
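
Added example, not part of the original thread: a small Python check that reads one FTP control-channel line (a client PORT command or a server 227 reply to PASV, as defined in RFC 959) and reports which end opens the data connection, and so whether an outgoing-connections-only firewall would block it. The function names, result keys and sample addresses are assumptions made up for this illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply to PASV (RFC 959).
HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 field, or None if invalid."""
    m = HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def data_connection(control_line):
    """Say who opens the data connection announced by one control-channel line."""
    line = control_line.strip()
    if line.upper().startswith("PORT "):
        mode, listener, initiator = "active", "client", "server"
    elif line.startswith("227"):
        mode, listener, initiator = "passive", "server", "client"
    else:
        return None  # not a data-connection announcement
    endpoint = parse_hostport(line[4:] if mode == "active" else line[3:])
    if endpoint is None:
        return None
    ip, port = endpoint
    private = any(ipaddress.ip_address(ip) in net for net in RFC1918)
    return {
        "mode": mode, "listener": listener, "initiator": initiator,
        "ip": ip, "port": port,
        # An outgoing-connections-only firewall drops server-initiated connects.
        "blocked_by_outbound_only": initiator == "server",
        # A private address in PORT is unreachable unless the NAT rewrites it.
        "needs_ftp_nat": mode == "active" and private,
    }

# Constructed control-channel lines (addresses are illustrative only).
SAMPLE = ["PORT 192,168,1,10,4,1",
          "227 Entering Passive Mode (198,51,100,7,195,149)"]

if __name__ == "__main__":
    for s in SAMPLE:
        print(s, "->", data_connection(s))
```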