* in the makefile for wget ftp:// etc.
@ 2004-07-12 17:27 ron minnich
2004-07-12 18:31 ` Ian Pratt
0 siblings, 1 reply; 5+ messages in thread
From: ron minnich @ 2004-07-12 17:27 UTC (permalink / raw)
To: xen-devel
it's a good idea to do this:
wget --passive-ftp
for more and more sites. Probably a good default.
ron
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: in the makefile for wget ftp:// etc.
2004-07-12 17:27 in the makefile for wget ftp:// etc ron minnich
@ 2004-07-12 18:31 ` Ian Pratt
2004-07-12 19:11 ` Avery Pennarun
2004-07-12 20:36 ` ron minnich
0 siblings, 2 replies; 5+ messages in thread
From: Ian Pratt @ 2004-07-12 18:31 UTC (permalink / raw)
To: ron minnich; +Cc: xen-devel, Ian.Pratt
>
> it's a good idea to do this:
>
> wget --passive-ftp
>
> for more and more sites. Probably a good default.
I always forget which end the passive is with respect to: If I
use the passive-ftp directive, does it work if I'm behind a dumb
NAT box or outgoing-connections-only firewall? (i.e. I need to
initiate both connections)
I guess that's the most common case for most users.
Ian
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: in the makefile for wget ftp:// etc.
2004-07-12 18:31 ` Ian Pratt
@ 2004-07-12 19:11 ` Avery Pennarun
2004-07-12 20:39 ` ron minnich
2004-07-12 20:36 ` ron minnich
1 sibling, 1 reply; 5+ messages in thread
From: Avery Pennarun @ 2004-07-12 19:11 UTC (permalink / raw)
To: Ian Pratt; +Cc: ron minnich, xen-devel
On Mon, Jul 12, 2004 at 07:31:56PM +0100, Ian Pratt wrote:
> I always forget which end the passive is with respect to: If I
> use the passive-ftp directive, does it work if I'm behind a dumb
> NAT box or outgoing-connections-only firewall? (i.e. I need to
> initiate both connections)
>
> I guess that's the most common case for most users.
Normally the ftp client makes outgoing connection on command port 21, then
the server calls it back from port 20 to send it the file. Passive mode
makes the server wait on port 20 for the client instead, which makes it much
more useful for such dumb NAT boxes.
Of course:
- there aren't many NAT boxes remaining that are *that* dumb. ftp NAT is
pretty much standard nowadays.
- http is an all-around better protocol for (literally!) everything, so if
you're just downloading stuff, use http instead. It uses only one port,
doesn't need a passive mode at all, can pipeline requests to reduce
latency, and most http servers are non-forking so they can handle a
higher load.
Have fun,
Avery
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: in the makefile for wget ftp:// etc.
2004-07-12 19:11 ` Avery Pennarun
@ 2004-07-12 20:39 ` ron minnich
0 siblings, 0 replies; 5+ messages in thread
From: ron minnich @ 2004-07-12 20:39 UTC (permalink / raw)
To: Avery Pennarun; +Cc: Ian Pratt, xen-devel
On Mon, 12 Jul 2004, Avery Pennarun wrote:
> - http is an all-around better protocol for (literally!) everything, so if
> you're just downloading stuff, use http instead. It uses only one port,
> doesn't need a passive mode at all, can pipeline requests to reduce
> latency, and most http servers are non-forking so they can handle a
> higher load.
that's the real answer.
But if you ever need ftp, it ought to be passive, not because of dumb NATs
but because of security rules now in effect at many sites.
ron
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: in the makefile for wget ftp:// etc.
2004-07-12 18:31 ` Ian Pratt
2004-07-12 19:11 ` Avery Pennarun
@ 2004-07-12 20:36 ` ron minnich
1 sibling, 0 replies; 5+ messages in thread
From: ron minnich @ 2004-07-12 20:36 UTC (permalink / raw)
To: Ian Pratt; +Cc: xen-devel
On Mon, 12 Jul 2004, Ian Pratt wrote:
> I always forget which end the passive is with respect to: If I
> use the passive-ftp directive, does it work if I'm behind a dumb
> NAT box or outgoing-connections-only firewall? (i.e. I need to
> initiate both connections)
passive will work where non-passive will fail. Passive ftp will work
behind outgoing-connections-only firewalls.
ron
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2004-07-12 20:39 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2004-07-12 17:27 in the makefile for wget ftp:// etc ron minnich
2004-07-12 18:31 ` Ian Pratt
2004-07-12 19:11 ` Avery Pennarun
2004-07-12 20:39 ` ron minnich
2004-07-12 20:36 ` ron minnich
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.