Security Basics mailing list archives

Re: Passive FTP


From: Alexander Klimov <alserkli () inbox ru>
Date: Wed, 1 Jun 2005 16:01:52 +0300 (IDT)

On Tue, 31 May 2005, Roberto Alcantara wrote:

> Guys, to enable my FTP users in passive mode, do I really need to accept
> connections from ports 1024-65535 in my firewall?

If your users are clients (that is, they use, say, a web browser to
download something from passive ftp) then you do not need any incoming
firewall settings--I guess this is exactly the purpose of passive ftp.

If you mean that your network consists of servers then you do need to
open incoming connections (at least ftp, i.e., tcp 21) and also those
ports (for passive mode) which are specified by your servers. Now,
there is an endless list of options: configure your servers so they use
only some small port range; configure your firewall to inspect
ftp-control connections to detect which port to open for each ftp-data
connection; ...

-- 
Regards,
ASK
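
The two options named in the reply (a small passive port range, and a firewall that reads the ftp-control connection to learn which data port to open) can be combined. The sketch below is an added example, not part of the original message: it parses the server's 227 (PASV) and 229 (EPSV) replies and decides whether a temporary inbound opening is justified. The server address 192.0.2.10, the range 50000-50100 and the function names are assumptions chosen for illustration.

```python
import re

# 227 reply (RFC 959): h1,h2,h3,h4,p1,p2 where port = p1*256 + p2
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply (RFC 2428): (<d><d><d>port<d>), usually (|||port|)
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

def data_endpoint(reply, server_ip):
    """Return the (ip, port) a server reply line announces, or None."""
    m = PASV_RE.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet or port byte
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(reply)
    if m and int(m.group(2)) <= 65535:
        # EPSV carries no address: data goes to the control-channel peer
        return server_ip, int(m.group(2))
    return None

def pinhole(reply, server_ip, port_range=(50000, 50100)):
    """Return (ip, port) to allow inbound for one data connection, or None.

    Refuses replies that name a different host or a port outside the
    passive range configured on the server (hypothetical range here).
    """
    ep = data_endpoint(reply, server_ip)
    if ep is None:
        return None
    ip, port = ep
    lo, hi = port_range
    if ip != server_ip or not lo <= port <= hi:
        return None
    return ip, port

# Constructed control-channel lines, as sent by the server to a client
SAMPLE = [
    "230 Login successful.",
    "227 Entering Passive Mode (192,0,2,10,195,100).",
    "229 Entering Extended Passive Mode (|||50042|)",
    "227 Entering Passive Mode (192,0,2,10,4,1).",      # port 1025, outside range
    "227 Entering Passive Mode (198,51,100,7,195,100).",  # names another host
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(f"{line!r:58} -> {pinhole(line, '192.0.2.10')}")
```

This kind of inspection only works while the control connection is readable by the firewall; with an encrypted control channel (FTPS), the fixed port range on the server is the option that remains.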

