[thelist] FTP, IP Filtering, and Firewalls

Joshua Olson joshua at waetech.com
Sat May 29 07:19:22 CDT 2004


> -----Original Message-----
> From: Michael Pemberton
> Sent: Friday, May 28, 2004 11:42 PM
>
> Many firewalls on the market today will let you work with ranges of
> ports instead of individual ports.

Michael,

You are exactly correct.  I wasn't clear in my original post, but I'm
deploying a "defense in depth" by utilizing the IP Filtering that is built
into MS Windows Servers 2000 and 2003 as well as an external firewall.  It's
awful nice to have filtering on the server itself, but the functionality is
still a bit immature, or so it seems, as it doesn't allow opening up port
ranges, only individual ports.

> Most FTP servers allow you to specify the ports that are allowed for
> PASV transfers.  Some will even go so far as to allow you to set the IP.
>
> This is required so that you can open, and port forward where needed,
> the required ports.

This is what I ended up doing.  I am using FileZilla as the FTP server and I
configured it to use only a dozen or so upper ports.  Then I opened up only
those ports--which was a manual one-by-one process using Windows IP
Filtering.  This is a viable solution as I do not expect any more than five
or so users EVER to have FTP access to the box.

<><><><><><><><><><>
Joshua Olson
Web Application Engineer
WAE Tech Inc.
http://www.waetech.com/service_areas/
706.210.0168
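
Added example, not part of the original message: a check that a per-port host allow list covers the whole passive range set on the FTP server, and that the 227 replies the server sends stay inside that range. The port range, the allow list and the sample reply lines are constructed assumptions.

```python
import re

# Assumed values for illustration (none come from the original message).
PASV_RANGE = (50000, 50011)            # a dozen upper ports set on the FTP server
OTHER_SERVICES = {21}                  # FTP control port, opened on purpose
# Constructed per-port allow list: 50007 was missed, 50020 is a leftover entry.
HOST_ALLOWED_TCP = ({21, 50020} | set(range(50000, 50012))) - {50007}

# RFC 959 reply: 227 ... (h1,h2,h3,h4,p1,p2); data port = p1*256 + p2
PASV_RE = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")

def audit_allow_list(pasv_range, allowed, other_services):
    """Return (missing, extra): passive ports not opened, and opened ports nothing needs."""
    lo, hi = pasv_range
    if not 1024 <= lo <= hi <= 65535:
        raise ValueError("passive range must be within 1024-65535")
    needed = set(range(lo, hi + 1))
    return sorted(needed - allowed), sorted(allowed - needed - other_services)

def parse_pasv_reply(line):
    """Return (ip, port) from a 227 reply, or None for any other line."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range in PASV reply: " + line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def ports_outside_range(log_lines, pasv_range):
    """Data ports the server advertised that fall outside the configured range."""
    lo, hi = pasv_range
    parsed = (parse_pasv_reply(l) for l in log_lines)
    return [p[1] for p in parsed if p and not lo <= p[1] <= hi]

# Constructed control-channel lines (192.0.2.10 is a documentation address).
SAMPLE_LOG = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # 50000
    "227 Entering Passive Mode (192,0,2,10,195,87)",   # 50007
    "227 Entering Passive Mode (192,0,2,10,4,1)",      # 1025
]

if __name__ == "__main__":
    missing, extra = audit_allow_list(PASV_RANGE, HOST_ALLOWED_TCP, OTHER_SERVICES)
    print("passive ports not opened:", missing)
    print("opened but unneeded:", extra)
    print("advertised outside range:", ports_outside_range(SAMPLE_LOG, PASV_RANGE))
```

A port in the first list shows up to users as an intermittent hang on directory listings or transfers; a port in the second is an opening on the host that no configured service uses.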



