From mboxrd@z Thu Jan 1 00:00:00 1970 From: Avery Pennarun Subject: Re: in the makefile for wget ftp:// etc. Date: Mon, 12 Jul 2004 15:11:53 -0400 Sender: xen-devel-admin@lists.sourceforge.net Message-ID: <20040712191153.GI2502@worldvisions.ca> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: Errors-To: xen-devel-admin@lists.sourceforge.net List-Unsubscribe: , List-Post: List-Help: List-Subscribe: , List-Archive: To: Ian Pratt Cc: ron minnich , xen-devel@lists.sourceforge.net List-Id: xen-devel@lists.xenproject.org On Mon, Jul 12, 2004 at 07:31:56PM +0100, Ian Pratt wrote: > I always forget which end the passive is with respect to: If I > use the passive-ftp directive, does it work if I'm behind a dumb > NAT box or outgoing-connections-only firewall? (i.e. I need to > initiate both connections) > > I guess that's the most common case for most users. Normally the ftp client makes outgoing connection on command port 21, then the server calls it back from port 20 to send it the file. Passive mode makes the server wait on port 20 for the client instead, which makes it much more useful for such dumb NAT boxes. Of course: - there aren't many NAT boxes remaining that are *that* dumb. ftp NAT is pretty much standard nowadays. - http is an all-around better protocol for (literally!) everything, so if you're just downloading stuff, use http instead. It uses only one port, doesn't need a passive mode at all, can pipeline requests to reduce latency, and most http servers are non-forking so they can handle a higher load. Have fun, Avery ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com