ftp windoze <- fc3 works fine, ftp fc3 <- fc3 doesn't work? (for me)
Robert Slade
fedora at bathnetworks.com
Mon Mar 14 16:48:12 UTC 2005
On Mon, 2005-03-14 at 16:04, Bob Brennan wrote:
Snip
>
> Excellent! Thanks Rob - once one knows what to Google one can be enlightened...
>
> http://slacksite.com/other/ftp.html is a good tutorial.
>
> That answers all previous questions - but opens a new one, at least in
> my mind. Is it more secure to restrict ftp to Active mode only (hope I
> got it right way round this time Paul!) or to open all ports > 1024 so
> that Passive mode can be used? I always thought having ports open like
> that is a Bad Idea. I also note that the above reference link says
> that most ftp servers allow the admin to specify a _range_ of
> underprivilaged(?) ports to be used, presumably one must then open the
> firewall to those ports.
>
> The document seems to say that Passive mode is there only to support
> clients that can't open their own ports>1024, which is an Active Mode
> requirement. I'm not sure if I'm more or less confused now than before
> - other than now knowing what the problem(s) is and how to get around
> it.
>
> bob
There are several ways around the need to permanently open posts >1024
for passive mode FTP. One way is to dynamically open the ports as and
when required. Your FC3 firewall can do this, try searching for iptables
and ftp again there are plenty of tutorials on how to do this.
Rob
More information about the fedora-list
mailing list