RE: Passive FTP

["Alexandre Skyrme" <alexandre.skyrme () ciphersec com br>]

Greetings Roberto,

It isn't really clear on your message if you are running a server and want
to allow passive connections to it or if you want to allow passive
connections from your users to external FTP servers.

There is a good explanation for both types of FTP connections, including
diagrams and typical connections mappings, at
http://slacksite.com/other/ftp.html.

In case you're using Linux 2.4.X or newer with iptables there are some
modules specifically intended to track FTP connections so you don't need to
open up a wide range of ports for all connections, instead allowing only
those related to FTP connections. Most statefull firewalls should be able to
do so.

Regards,
--
Alexandre Skyrme
Cipher - Segurança da Informação
+55-21-2542-6677
www.ciphersec.com.br

Esta mensagem eletrônica pode conter informações privilegiadas e/ou
confidenciais, portanto fica o seu receptor notificado de que qualquer
disseminação, distribuição ou cópia não autorizada é estritamente proibida.
Se você recebeu esta mensagem indevidamente ou por engano, por favor,
informe este fato ao remetente e a apague de seu computador imediatamente.
 
This e-mail message may contain legally privileged and/or confidential
information, therefore, the recipient is hereby notified that any
unauthorized dissemination, distribution or copying is strictly prohibited.
If you have received this e-mail message inappropriately or accidentally,
please notify the sender and delete it from your computer immediately.


> -----Original Message-----
> From: Roberto Alcantara [mailto:roberto () fortalnet com br] 
> Sent: terça-feira, 31 de maio de 2005 10:09
> To: security-basics () securityfocus com
> Subject: Passive FTP
>
>
> Guys, to able my FTP users in passive mode need I realy accept in my 
> firewall connections from 1024-65535 ports ?
>
> Best regards,
> Roberto