Security Basics mailing list archives
Re: Passive FTP
From: Alexander Klimov <alserkli () inbox ru>
Date: Wed, 1 Jun 2005 16:01:52 +0300 (IDT)
On Tue, 31 May 2005, Roberto Alcantara wrote:
Guys, to able my FTP users in passive mode need I realy accept in my firewall connections from 1024-65535 ports ?
If you users are clients (that is they use, say, a web browser to download something from passive ftp) then you do not need any incoming firewall settings--I guess, this is exactly the purpose passive ftp. If you mean that your network consists of servers then you do need to open incoming connections (at least ftp, i.e., tcp 21) and also those ports (for passive mode) which are specified by your servers. Now, there are endless list of options: configure your servers so they use only some small port range; configure your firewall to inspect ftp-control connections to detect which port to open for each ftp-data connection; ... -- Regards, ASK
Current thread:
- Re: Passive FTP, (continued)
- Re: Passive FTP Abdurrahman Beyazaslan (Jun 01)
- RE: Passive FTP Alexandre Skyrme (Jun 01)
- Re: Passive FTP Frankie Li (Jun 01)
- RE: Passive FTP David Gillett (Jun 01)
- Re: Passive FTP Joerg Zimmermann (Jun 01)
- Re: Passive FTP Glenn English (Jun 01)
- RE: Passive FTP Tim.BUTTON (Jun 01)
- RE: Passive FTP Roberto Alcantara (Jun 01)
- Re: Passive FTP Michael Gale (Jun 01)
- Re: Passive FTP Ashish Popli (Jun 01)
- Re: Passive FTP Alexander Klimov (Jun 01)
- Re: Passive FTP eli (Jun 06)