
Re: Any danger from these ports?



On Wed, 12 Jan 2005, Charles R. Anderson wrote:

> Passive FTP listens on random local ephemeral ports for data
> connections set up by the 21/tcp control stream.  If you are not using
> a stateful firewall with a FTP helper, then you need to allow incoming
> TCP connections to whatever range your FTP server uses for passive FTP
> (defaults to the entire local port range).  This is why I have always
> set up my FTP server similar to this (older box using ipchains):
> 

Passive FTP does NOT use the local ephemeral ports; that is traditional
FTP behavior.  Passive FTP uses the existing TCP connection for both
the control and data channels, and is easier to firewall. 

Of course, the ftp server needs to know how to use passive FTP instead of
traditional FTP.
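
An added example, not part of either poster's message: the quoted message says the firewall must admit whatever port range the server uses for passive data connections. Under RFC 959 the server announces each such port in its 227 reply, so the check below parses those replies and compares them with an allowed range; the reply lines, addresses and the 50000-50100 range are constructed assumptions.

```python
import re

# Host/port tuple of an RFC 959 "227" reply: (h1,h2,h3,h4,p1,p2)
PASV_TUPLE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv_reply(line):
    """Return (ip, port) announced by a 227 reply; raise ValueError if invalid."""
    if not line.startswith("227"):
        raise ValueError("not a 227 reply")
    match = PASV_TUPLE.search(line)
    if match is None:
        raise ValueError("no host/port tuple")
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field larger than one byte")
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port = p1 * 256 + p2
    return ip, port


def audit_pasv_replies(lines, server_ip, allowed_ports):
    """Label each reply: 'ok', 'port-outside-range', 'address-mismatch' or 'malformed'."""
    low, high = allowed_ports
    results = []
    for line in lines:
        try:
            ip, port = parse_pasv_reply(line)
        except ValueError:
            results.append((None, "malformed"))
            continue
        if not low <= port <= high:
            verdict = "port-outside-range"  # firewall would drop the data connection
        elif ip != server_ip:
            verdict = "address-mismatch"    # e.g. internal address announced behind NAT
        else:
            verdict = "ok"
        results.append((port, verdict))
    return results


# Constructed sample replies; addresses and the 50000-50100 range are assumptions.
SAMPLE = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "227 Entering Passive Mode (192,0,2,10,128,7)",
    "227 Entering Passive Mode (10,0,0,5,195,90)",
    "227 Entering Passive Mode (192,0,2,10,300,1)",
]

if __name__ == "__main__":
    for port, verdict in audit_pasv_replies(SAMPLE, "192.0.2.10", (50000, 50100)):
        print(port, verdict)
```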

