Your best friend for file transfer.Fetch
Fetch 3.03 & NAT filters (5 posts)
- Started 14 years ago by brashquido
- Latest reply 14 years ago from Jim Matthews
Hope somebody can help me, I've got a user running a G3 with OS 8.6 and Fetch 3.03. This is the only Mac on the network. Internet access is provided through Network Address Translation on a Windows 2000 Server. For the most part all works fine. However, when I try to configure input filters for NAT to increase security, Fetch stops working. I've opened TCP ports 20 & 21 for both outgoing and incoming connections for FTP access on the server and set Fetch to connect via PASV mode using ports 20 through to 21 on the Mac without the desired results. Fetch seems to authenticate, but won't give a directory listing. I spose in short, what protocol (TCP,UDP or ICMP)and port number(s) do I have to leave open for Fetch 3.03 to get through. Or how can I find out what protocol and port number fetch is trying to use. I getting pretty desperate for help as the server has already been hacked once and without the filters, it's wide open! Thanks.
Managed to get a bit further. I created a filter to allow TCP with ports 20 & 21, TCP(established) with ports 20 & 21 and UDP with ports 20 & 21 access. Fetch will now login and display the root directory, but won't list any of the sub-direcories. The FTP server in question is a UNIX server.
230 Logged in.
215 UNIX Type: L8
257 "/user/b/e/benryan" is cwd.
250 "/export/home/netspace" is new cwd.
257 "/export/home/netspace" is cwd.
250 "/export/home/netspace/docs" is new cwd.
257 "/export/home/netspace/docs" is cwd.
250 "/export/home/netspace/docs/draft6" is new cwd.
257 "/export/home/netspace/docs/draft6" is cwd.
227 Entering Passive Mode (210,15,254,254,135,186)
And thats where it seems to hang
Correction, back to square one. The only way I can get it working is to add a filter to NAT that has no restriction what so ever. Any ideas?
Finally got round the problem. More of a work round than a fix, but it'll do. It seems even though I specified only to use ports 1024 to 1040 in the Fetch, it was still trying to use ports from 1024 to 65535. Whether this is a server or client thing, I have no idea. I ended up allowing the IP of the FTP servers in question wide open access to the network. THe only problem is, the user in question is a Web Designer, and needs access to different FTP servers every few months.
Jim Matthews Administrator
FTP clients use two TCP connections for each session, the control connection and the data connection. The control connection is made from the client to the server, usually to port 21 on the server. The data connection might be made from the client (if the PASV command is used) or from the server. If it's made from the client, it's made to an address picked by the server, so it's difficult to say in advance what port that will be. If PORT is used (instead of PASV) the client picks the port that the server will connect to.
In that case Fetch picks a random port. It used to let the user specify a range of ports to use, but that preference was confusing to a lot of users, and was removed in Fetch 4.0.
I hope this helps,
- Page 1
This topic has been closed.