[thelist] FTP, IP Filtering, and Firewalls
raditha dissanayake
jabber at raditha.com
Fri May 28 11:04:51 CDT 2004
Joshua Olson wrote:
>List,
>
>I'm configuring FTP on a server and I want to maximally lock down the
>ports. I opened the normal ports for FTP, 20 and 21, and found that this
>works very well so long as the client is not behind a firewall and was
>therefore able to use Active Mode FTP transfer. But, if they are behind a
>firewall, am I correct in assuming that they MUST be able to use Passive
>Mode, which means that the server needs to have some ports open in the upper
>range? If so, is there an easy way to configure the open ports using the IP
>Filtering OTHER than enumerate each possible port one at a time?
>
>
This of course is the problem with FTP: when there are firewalls at both
ends it becomes a major pain. Since the data connection is a fresh
connection and not merely the incoming portion of a previously
established connection, many firewalls throw it out. Since it's pretty
hard to distinguish a data connection from any other connection, you might
not want to just open up the ports. A couple of years ago I saw an
IPTables recipe that seemed to work well. If you look it up in an
IPTables group you might find the solution.
A painless way of course would be to use SFTP; if port 21 is open, no
reason why 22 cannot be open :-)
All the best
--
Raditha Dissanayake.
---------------------------------------------
http://www.raditha.com/megaupload/upload.php
Sneak past the PHP file upload limits.
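
Added example, not part of the original post: a Python sketch of what a stateful filter has to do for passive FTP, reading the server's 227/229 reply on the control channel and permitting only the announced data port. The passive range 50000-50100, the address 192.0.2.10 and the function names are assumptions made for illustration.

```python
import re

# Assumed passive range, opened as one block on server and filter (hypothetical values).
PASV_RANGE = range(50000, 50101)

_PASV = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def data_endpoint(reply, server_ip):
    """Return the (ip, port) a 227/229 reply tells the client to dial, else None."""
    m = _PASV.match(reply)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None
        # Port is sent as two bytes: high * 256 + low.
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = _EPSV.match(reply)
    if m:
        port = int(m.group(2))
        # EPSV carries only a port; the address is that of the control connection.
        return (server_ip, port) if 0 < port < 65536 else None
    return None


def allow_data_connection(reply, server_ip):
    """Permit only the announced endpoint, on the server's own address, inside the range."""
    endpoint = data_endpoint(reply, server_ip)
    if endpoint is None:
        return False
    ip, port = endpoint
    return ip == server_ip and port in PASV_RANGE


# Constructed control-channel replies (documentation addresses, not captured traffic).
SERVER = "192.0.2.10"
SAMPLES = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",    # port 50000, in range
    "227 Entering Passive Mode (192,0,2,10,4,1)",       # port 1025, outside range
    "229 Entering Extended Passive Mode (|||50050|)",   # EPSV, in range
    "227 Entering Passive Mode (198,51,100,7,195,80)",  # address is not the server
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(allow_data_connection(line, SERVER), line)
```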