Any danger from these ports?

Aaron.Sterr Aaron.Sterr at tradingscreen.com
Wed Jan 12 23:42:05 UTC 2005


On Wed, 12 Jan 2005, Charles R. Anderson wrote:

> Passive FTP listens on random local ephemeral ports for data
> connections set up by the 21/tcp control stream.  If you are not using
> a stateful firewall with an FTP helper, then you need to allow incoming
> TCP connections to whatever range your FTP server uses for passive FTP
> (defaults to the entire local port range).  This is why I have always
> set up my FTP server similar to this (older box using ipchains):
> 

Passive FTP does NOT use the local ephemeral ports; that is traditional
FTP behavior.  Passive FTP uses the existing TCP connection for both
the control and data channels, and is easier to firewall.

Of course, the FTP server needs to know how to use passive FTP instead of
traditional FTP.
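
For the quoted paragraph's point about allowing a fixed passive port range through the firewall, here is an added example (not from either poster) that decodes RFC 959 `227` replies in the common parenthesised form and flags any announced data port outside the allowed range. The range, addresses and reply lines are constructed sample values, and the function names are hypothetical.

```python
import re

# Constructed sample: the port range the firewall allows inbound for FTP data.
PASV_RANGE = (50000, 50100)

# RFC 959 227 reply payload: (h1,h2,h3,h4,p1,p2)
_PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(line):
    """Return (ip, port) announced by a 227 reply, or raise ValueError."""
    if not line.startswith("227"):
        raise ValueError("not a 227 reply: %r" % line)
    match = _PASV_RE.search(line)
    if match is None:
        raise ValueError("no (h1,h2,h3,h4,p1,p2) tuple in: %r" % line)
    fields = [int(g) for g in match.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of byte range in: %r" % line)
    ip = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # p1 is the high byte, p2 the low byte
    return ip, port


def ports_outside_range(replies, allowed=PASV_RANGE):
    """Return the announced data ports that the firewall range does not cover."""
    low, high = allowed
    outside = []
    for line in replies:
        _, port = parse_pasv_reply(line)
        if not low <= port <= high:
            outside.append(port)
    return outside


# Constructed control-channel replies (192.0.2.0/24 is a documentation range).
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,195,100)",  # port 50020
    "227 Entering Passive Mode (192,0,2,10,128,15)",   # port 32783
]

if __name__ == "__main__":
    for reply in SAMPLE_REPLIES:
        print(reply, "->", parse_pasv_reply(reply))
    print("outside allowed range:", ports_outside_range(SAMPLE_REPLIES))
```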



