Why is passive mode working (even though it shouldn't!)

Message

spockomat · #1 Post by **spockomat** » 2006-05-30 14:38

Hi,

I am kind of confused with the way things are behaving with my server right now. This is my setup:
FileZilla is running on a computer connected to a router that serves as gateway to the internet. Port 21 is forwarded to this computer. Now when I try to connect to the FTP server from the outside in passive mode it actually works. But I have not forwarded any ports other than 21 to the server. Passive mode is established on a random port (since I have not entered a fixed range in the FileZilla settings) and data transfer works without any problems.

How is this possible? I thought that in passive mode the client establishes the data connection. And therefore my router should reject the connection request on the random data port since it is not open/forwarded.

I am not trying to disable passive mode. I simply want to understand what is going on. Hope someone can enlighten me...

Thanks

#2 Post by **botg** » 2006-05-30 15:20

You have a malicious router that snoops your traffic and transparently forwards ports.

spockomat · #3 Post by **spockomat** » 2006-05-30 16:05

Hmmm, I don't think that's the problem. When using apps like bittorrent I have to forward ports or else it won't work. So it seems like the handling of ports by the router works correctly.

I have read in an other forum, that routers that support SPI sometimes show this kind of behavior. Could that be a possibility?

#4 Post by **botg** » 2006-05-30 17:04

FTP is a very old and very simple protocol. Bittorrent is rather new and more complex. If your router only has "support" for FTP but not for Bittorrent you get the observed behaviour.