RE: Fw: FTP passive ports for firewalls

["Broadfoot, Kieran J" <Kieran.Broadfoot@xxxxxxx>]

Stuart,

The following website gives excellent details on this subject.  I
don't know
what type of ftp server youll be using but must unix ftp servers can be
configured to only use certain >1024 ports which simplifies your
firewall
rules greatly.

hope this helps
kieran

http://slacksite.com/other/ftp.html


-----Original Message-----
From: Dan [mailto:dtoma@xxxxxxx] 
Subject: Re: [ukha_d] Fw: FTP passive ports for firewalls

Hi Stuart,

You cannot enter to an internal FTP server just opening some ports...
you
need something like an application gateway.
You must trigger upper ports (>1024) opening for output for any input
access
to ports 20 and 21.

If you just forward ports 20 and 21 to an internal host, then you will
be
able to connect to the FTP server (first step), but not to do any other
operation, like listing a directory or copy a file.

You can try to put the computer in DMZ.. then it will be directly exposed
to
the Internet.

Look at the following page for more informations about accessing
internal
services through the firewall.
http://www.homenethelp.com/web/howto/apps-behind-router.asp
.. but take care.. for FTP is not enough to open one port, like on that
page. Read user comments too.

It is not the same for telnet..you can pass only port 23 and you're
done.
The same for HTTP.

..but...FTP is a little bit different.

Dan

Yahoo! Groups Sponsor

ADVERTISEMENT

http://www.automatedhome.co.uk
Post message: ukha_d@xxxxxxx 
Subscribe:  ukha_d-subscribe@xxxxxxx 
Unsubscribe:  ukha_d-unsubscribe@xxxxxxx 
List owner:  ukha_d-owner@xxxxxxx
List of UKHA Groups here - http://groups.yahoo.com/group/UKHA_Grouplists/

Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.