Discussion:
ftp passive mode in OS/2
(too old to reply)
Baden Kudrenecky
2004-10-29 21:07:11 UTC
Permalink
Hi:

Occasionally, the subject comes up about passive
mode for ftp transfers in OS/2. Usually, someone
states that OS/2's "ftp.exe" CLI program does not
support passive mode. I was informed a long time ago
that it did, so I just double checked and it DOES:

IBM TCP/IP for OS/2 - FTP Client ver 19:28:39 on Sep 2 1998
=================================================
ftp> quote pasv
227 Entering passive mode (24,81,111,2,206,47)
=================================================

FtpServer v0.80 Copyright (C) 1997-2000 Peter Moylan. Users: 1
=================================================
2004-10-29 13:57:28 891 PASV
=================================================

I like the default ftp CLI interface, as it is
universal, and will do mget's and mputs easily. The
only thing I don't like about it, is that there is a
bug in "mput", where it parses all upper case filenames
to lower case.

lin Baden


-----------------------------------------------------------
Baden Kudrenecky
***@unixg.ubc.ca
http://baden.nu/
-----------------------------------------------------------
Bob Eager
2004-10-29 21:59:05 UTC
Permalink
Post by Baden Kudrenecky
Occasionally, the subject comes up about passive
mode for ftp transfers in OS/2. Usually, someone
states that OS/2's "ftp.exe" CLI program does not
support passive mode. I was informed a long time ago
IBM TCP/IP for OS/2 - FTP Client ver 19:28:39 on Sep 2 1998
=================================================
ftp> quote pasv
227 Entering passive mode (24,81,111,2,206,47)
=================================================
FtpServer v0.80 Copyright (C) 1997-2000 Peter Moylan. Users: 1
=================================================
2004-10-29 13:57:28 891 PASV
=================================================
All the above proves is that you can use the 'quote' command to send
'pasv'. There's rather more to it, at the client end. Did you go on to
complete an actual passive mode file transfer? I doubt it...

Yes, I like the CLI too. Or I would if I could get it to do passive
mode...
Marty
2004-10-29 22:55:29 UTC
Permalink
Post by Bob Eager
Post by Baden Kudrenecky
Occasionally, the subject comes up about passive
mode for ftp transfers in OS/2. Usually, someone
states that OS/2's "ftp.exe" CLI program does not
support passive mode. I was informed a long time ago
IBM TCP/IP for OS/2 - FTP Client ver 19:28:39 on Sep 2 1998
=================================================
ftp> quote pasv
227 Entering passive mode (24,81,111,2,206,47)
=================================================
FtpServer v0.80 Copyright (C) 1997-2000 Peter Moylan. Users: 1
=================================================
2004-10-29 13:57:28 891 PASV
=================================================
All the above proves is that you can use the 'quote' command to send
'pasv'. There's rather more to it, at the client end. Did you go on to
complete an actual passive mode file transfer? I doubt it...
Yes, I like the CLI too. Or I would if I could get it to do passive
mode...
Actually, I posed a similar question to Peter Moylan. He said that his
FTP daemon will revert back to "active" (non-passive) FTP if the client
doesn't support it. When you do the "quot", the FTP client itself is
blissfully unaware of what you're doing, and goes about its business as
it sees fit. In this case, it connects in non-passive mode anyway, but
Peter's FTPD is smart enough to realize this and compensate.

If you do this when connecting to IBM's FTPD (which doesn't support
passive mode either), both ends wind up ignoring the directive and
transferring in non-passive mode. So that will work as well.
Bob Eager
2004-10-29 22:58:47 UTC
Permalink
Post by Marty
Post by Bob Eager
Post by Baden Kudrenecky
Occasionally, the subject comes up about passive
mode for ftp transfers in OS/2. Usually, someone
states that OS/2's "ftp.exe" CLI program does not
support passive mode. I was informed a long time ago
ftp> quote pasv
227 Entering passive mode (24,81,111,2,206,47)
=================================================
All the above proves is that you can use the 'quote' command to send
'pasv'. There's rather more to it, at the client end. Did you go on to
complete an actual passive mode file transfer? I doubt it...
Actually, I posed a similar question to Peter Moylan. He said that his
FTP daemon will revert back to "active" (non-passive) FTP if the client
doesn't support it. When you do the "quot", the FTP client itself is
blissfully unaware of what you're doing, and goes about its business as
it sees fit.
Yes, 'pasv' has to be part of a transaction.
Post by Marty
In this case, it connects in non-passive mode anyway, but
Peter's FTPD is smart enough to realize this and compensate.
If you do this when connecting to IBM's FTPD (which doesn't support
passive mode either), both ends wind up ignoring the directive and
transferring in non-passive mode. So that will work as well.
Well, up to a point. If there is a good reason for passive mode (e.g. a
firewall policy blocks active mode, which is the usual reason for using
passive mode) then it won't work at all!
Peter Moylan
2004-11-01 02:36:15 UTC
Permalink
Post by Marty
Post by Bob Eager
Post by Baden Kudrenecky
IBM TCP/IP for OS/2 - FTP Client ver 19:28:39 on Sep 2 1998
=================================================
ftp> quote pasv
227 Entering passive mode (24,81,111,2,206,47)
=================================================
Yes, I like the CLI too. Or I would if I could get it to do passive
mode...
Actually, I posed a similar question to Peter Moylan. He said that his
FTP daemon will revert back to "active" (non-passive) FTP if the client
doesn't support it. When you do the "quot", the FTP client itself is
blissfully unaware of what you're doing, and goes about its business as
it sees fit. In this case, it connects in non-passive mode anyway, but
Peter's FTPD is smart enough to realize this and compensate.
Actually, that's not quite correct, although the end result is the
same. The way the FTP standards work, the PASV command is needed
ahead of each file transfer command if you want to use passive mode.
That is, the PASV is effective only for the current transfer, and then
the default goes back to non-passive. It doesn't require the server
to be smart; any FTP server will do the same.

What is happening in the present case is
(a) The server receives the PASV command, sends back the 227 response,
and then prepares to use the indicated port for the next file
transfer (expected to be a RETR or STOR command, or something like
that, from the client).
(b) Meanwhile, the client doesn't know anything about passive mode.
As others have pointed out, the "quote" command simply passes on
something to the server, without the client trying to understand
it. The client doesn't even parse what comes after the "quote".
(c) Next - in a part of the log that was not included in the original
posting - the user presumably wants to download a file, so gives
a "get" command to the client. At least, that's what I'm
assuming for the sake of example.
(d) The standard (non-passive) way of implementing the "get" is to
send a PORT command to the server, followed by a RETR command,
so that's what the client sends to the server.
(e) At the server end, receipt of the PORT command automatically
cancels out the preceding PASV, and puts the server back into
passive mode.

One other thing illustrated by the above sequence is than an FTP
transfer is always a two-step operation:
1. A negotiation between client and server, using the PASV or
PORT command, to establish which ports should be used at
each end of the connection.
2. The actual data transfer command (STOR, STOU, RETR, etc.) that
says what to do and which file to transfer. This transfer
uses the ports specified in step 1.

What this means, unfortunately, is that you can NEVER use the "quote"
facility of an ftp client to do a transfer. (Which is a real
headache if you're trying to debug an ftp program.) The reason is that
there's no way to tell the client which port the server expects
to use.
--
Peter Moylan peter at ee dot newcastle dot edu dot au
http://eepjm.newcastle.edu.au (OS/2 and eCS information and software)
Baden Kudrenecky
2004-11-02 02:17:55 UTC
Permalink
Hi Peter:

Thanks for your fine explanation. I was wondering
if port 20 is still used in a PASV transfer, as I had
problems last year, where that port was blocked
somewhere, so I couldn't send ftp, but my browsers
would see the files.

thanks,
lin Baden
Post by Peter Moylan
Post by Marty
Post by Bob Eager
Post by Baden Kudrenecky
IBM TCP/IP for OS/2 - FTP Client ver 19:28:39 on Sep 2 1998
=================================================
ftp> quote pasv
227 Entering passive mode (24,81,111,2,206,47)
=================================================
Yes, I like the CLI too. Or I would if I could get it to do passive
mode...
Actually, I posed a similar question to Peter Moylan. He said that his
FTP daemon will revert back to "active" (non-passive) FTP if the client
doesn't support it. When you do the "quot", the FTP client itself is
blissfully unaware of what you're doing, and goes about its business as
it sees fit. In this case, it connects in non-passive mode anyway, but
Peter's FTPD is smart enough to realize this and compensate.
Actually, that's not quite correct, although the end result is the
same. The way the FTP standards work, the PASV command is needed
ahead of each file transfer command if you want to use passive mode.
That is, the PASV is effective only for the current transfer, and then
the default goes back to non-passive. It doesn't require the server
to be smart; any FTP server will do the same.
What is happening in the present case is
(a) The server receives the PASV command, sends back the 227 response,
and then prepares to use the indicated port for the next file
transfer (expected to be a RETR or STOR command, or something like
that, from the client).
(b) Meanwhile, the client doesn't know anything about passive mode.
As others have pointed out, the "quote" command simply passes on
something to the server, without the client trying to understand
it. The client doesn't even parse what comes after the "quote".
(c) Next - in a part of the log that was not included in the original
posting - the user presumably wants to download a file, so gives
a "get" command to the client. At least, that's what I'm
assuming for the sake of example.
(d) The standard (non-passive) way of implementing the "get" is to
send a PORT command to the server, followed by a RETR command,
so that's what the client sends to the server.
(e) At the server end, receipt of the PORT command automatically
cancels out the preceding PASV, and puts the server back into
passive mode.
One other thing illustrated by the above sequence is than an FTP
1. A negotiation between client and server, using the PASV or
PORT command, to establish which ports should be used at
each end of the connection.
2. The actual data transfer command (STOR, STOU, RETR, etc.) that
says what to do and which file to transfer. This transfer
uses the ports specified in step 1.
What this means, unfortunately, is that you can NEVER use the "quote"
facility of an ftp client to do a transfer. (Which is a real
headache if you're trying to debug an ftp program.) The reason is that
there's no way to tell the client which port the server expects
to use.
--
Peter Moylan peter at ee dot newcastle dot edu dot au
http://eepjm.newcastle.edu.au (OS/2 and eCS information and software)
-----------------------------------------------------------
Baden Kudrenecky
***@unixg.ubc.ca
http://baden.nu/
-----------------------------------------------------------
Peter Moylan
2004-11-02 03:33:03 UTC
Permalink
Post by Baden Kudrenecky
Thanks for your fine explanation. I was wondering
if port 20 is still used in a PASV transfer, as I had
problems last year, where that port was blocked
somewhere, so I couldn't send ftp, but my browsers
would see the files.
No, port 20 is used only in the non-passive case. Web
browsers always choose passive mode, as far as I know
(they never seem to give you the choice), so they're more
likely to work behind a firewall. Typical firewall rules will
stop you from using the low-numbered ports, which is one reason why
non-passive FTP often won't work if the client is behind a firewall.
(Another reason is that the PORT command can fail if the firewall
implements NAT (Network address translation). With passive FTP the
PORT command doesn't get used.)
--
Peter Moylan peter at ee dot newcastle dot edu dot au
http://eepjm.newcastle.edu.au (OS/2 and eCS information and software)
Baden Kudrenecky
2004-10-30 04:08:06 UTC
Permalink
Post by Bob Eager
All the above proves is that you can use the 'quote' command to send
'pasv'. There's rather more to it, at the client end. Did you go on to
complete an actual passive mode file transfer? I doubt it...
How would I tell?

Why would my client return with ports?

lin Baden


-----------------------------------------------------------
Baden Kudrenecky
***@unixg.ubc.ca
http://baden.nu/
-----------------------------------------------------------
Bob Eager
2004-10-30 09:01:25 UTC
Permalink
Post by Baden Kudrenecky
Post by Bob Eager
All the above proves is that you can use the 'quote' command to send
'pasv'. There's rather more to it, at the client end. Did you go on to
complete an actual passive mode file transfer? I doubt it...
How would I tell?
If you had a firewall set up to block active mode (as a firewall
generally) would then only passive mode would work.
Post by Baden Kudrenecky
Why would my client return with ports?
Sorry, don't understand what you are trying to say.
Baden Kudrenecky
2004-10-31 01:47:18 UTC
Permalink
Post by Bob Eager
Post by Baden Kudrenecky
Post by Bob Eager
All the above proves is that you can use the 'quote' command to send
'pasv'. There's rather more to it, at the client end. Did you go on to
complete an actual passive mode file transfer? I doubt it...
How would I tell?
If you had a firewall set up to block active mode (as a firewall
generally) would then only passive mode would work.
Where would I find a public ftp site with a firewall
configured that needs pasv mode?
Post by Bob Eager
Post by Baden Kudrenecky
Why would my client return with ports?
Sorry, don't understand what you are trying to say.
Here's another example:

client:
ftp> quote baden
500 Unknown command BADEn
ftp> quote pasv
227 Entering passive mode (24,81,111,2,196,19)
ftp>

daemon:
2004-10-30 18:40:33 770 BADEn
2004-10-30 18:40:54 770 PASV

So why does my ftp.exe recognise passive mode as
legitimate, and seem to return an assigned port
(196.19)?

later,
lin Baden


-----------------------------------------------------------
Baden Kudrenecky
***@unixg.ubc.ca
http://baden.nu/
-----------------------------------------------------------
Al Savage
2004-10-31 02:05:59 UTC
Permalink
Post by Baden Kudrenecky
ftp> quote baden
500 Unknown command BADEn
ftp> quote pasv
227 Entering passive mode (24,81,111,2,196,19)
ftp>
2004-10-30 18:40:33 770 BADEn
2004-10-30 18:40:54 770 PASV
So why does my ftp.exe recognise passive mode as
legitimate, and seem to return an assigned port
(196.19)?
If I read the above correctly, ftp.exe is not the agent entering passive
mode. The line:

"227 Entering passive mode . . . "
is merely the echo from ftpd, not from ftp.exe

And Marty reported that Peter said that ftpServer will revert to
non-passive mode if the client does not respond to the PASV-set port
set. I don't think you've shown that IBM's ftp.exe actually transfers
data in PASV mode.

IPTRACE/IPFORMAT would probably show this, either way.
--
Regards,
Al S. 
Marty
2004-10-31 02:08:58 UTC
Permalink
Post by Baden Kudrenecky
Post by Bob Eager
Post by Baden Kudrenecky
Why would my client return with ports?
Sorry, don't understand what you are trying to say.
ftp> quote baden
500 Unknown command BADEn
ftp> quote pasv
227 Entering passive mode (24,81,111,2,196,19)
ftp>
2004-10-30 18:40:33 770 BADEn
2004-10-30 18:40:54 770 PASV
So why does my ftp.exe recognise passive mode as
legitimate, and seem to return an assigned port
(196.19)?
FTP.EXE is not recognizing anything. That's the whole point of "quote".
It passes what you say, verbatim, to the FTP daemon on the server
side, without having any knowledge of what you're telling the server.
--
[Reverse the parts of the e-mail address to reply.]
Baden Kudrenecky
2004-10-31 06:50:27 UTC
Permalink
Post by Marty
Post by Baden Kudrenecky
Post by Bob Eager
Post by Baden Kudrenecky
Why would my client return with ports?
Sorry, don't understand what you are trying to say.
ftp> quote baden
500 Unknown command BADEn
ftp> quote pasv
227 Entering passive mode (24,81,111,2,196,19)
ftp>
2004-10-30 18:40:33 770 BADEn
2004-10-30 18:40:54 770 PASV
So why does my ftp.exe recognise passive mode as
legitimate, and seem to return an assigned port
(196.19)?
FTP.EXE is not recognizing anything. That's the whole point of "quote".
It passes what you say, verbatim, to the FTP daemon on the server
side, without having any knowledge of what you're telling the server.
Are you guys trying to tell me that ftp.exe returns:
"227 Entering passive mode (24,81,111,2,196,19)"
just as a distraction?

i.e., why would it even display that if it wasn't
supported?

later,
lin Baden


-----------------------------------------------------------
Baden Kudrenecky
***@unixg.ubc.ca
http://baden.nu/
-----------------------------------------------------------
Marty
2004-10-31 07:45:33 UTC
Permalink
Post by Baden Kudrenecky
Post by Marty
Post by Baden Kudrenecky
Post by Bob Eager
Post by Baden Kudrenecky
Why would my client return with ports?
Sorry, don't understand what you are trying to say.
ftp> quote baden
500 Unknown command BADEn
ftp> quote pasv
227 Entering passive mode (24,81,111,2,196,19)
ftp>
2004-10-30 18:40:33 770 BADEn
2004-10-30 18:40:54 770 PASV
So why does my ftp.exe recognise passive mode as
legitimate, and seem to return an assigned port
(196.19)?
FTP.EXE is not recognizing anything. That's the whole point of "quote".
It passes what you say, verbatim, to the FTP daemon on the server
side, without having any knowledge of what you're telling the server.
"227 Entering passive mode (24,81,111,2,196,19)"
just as a distraction?
Where do you think that message came from?
Post by Baden Kudrenecky
i.e., why would it even display that if it wasn't
supported?
The FTP client echos every message it gets back from the daemon it is
talking to. The message you saw was the daemon acknowledging the
command that you directly sent to it.

Please refer to the TCP/IP documentation on the "quote" command in FTP
if you still think that it's possible the message came from the client.
--
[Reverse the parts of the e-mail address to reply.]
Bob Eager
2004-10-31 09:49:42 UTC
Permalink
Post by Baden Kudrenecky
"227 Entering passive mode (24,81,111,2,196,19)"
just as a distraction?
It's merely reporting what the server said. The clue is the leading
'227' which is part of the server response.
Bob Eager
2004-10-31 09:49:41 UTC
Permalink
Post by Baden Kudrenecky
Post by Bob Eager
If you had a firewall set up to block active mode (as a firewall
generally) would then only passive mode would work.
Where would I find a public ftp site with a firewall
configured that needs pasv mode?
No, I said 'if YOU had a firewall'. It's safer having your own firewall
set to only allow passive mode from your own FTP clients.
Post by Baden Kudrenecky
ftp> quote baden
500 Unknown command BADEn
ftp> quote pasv
227 Entering passive mode (24,81,111,2,196,19)
ftp>
To be expected. That's the server saying it DOES understand PASV but
doesn't understand BADEN. All it says about about the client is that it
knows the QUOTE command.
Post by Baden Kudrenecky
2004-10-30 18:40:33 770 BADEn
2004-10-30 18:40:54 770 PASV
So why does my ftp.exe recognise passive mode as
legitimate, and seem to return an assigned port
(196.19)?
It DOESN'T! The server recognises it. All the responses you see are
coming from the server, but they are no good except in the context of a
complete set of FTP transactions.
Loading...