Re: ftp
On Thu, 1 Mar 2001, Konrad Mader wrote:
> what is to do to enable ftp through the Firewall (debian2.2,
> Kernel2.2). www and Mail works fine so I think
There are two separate problems:
1) allowing ftp from the outside world to some host in your protected LAN
2) allowing ftp from your protected LAN to the outside world

Which one do you want? They are different and somewhat tricky problems,
due to the way in which ftp works by default ("active" ftp). This kind of
problem is (very!) much simpler with the stateful and "intelligent"
firewalling capabilities of the new stable Linux kernel branch (2.4.x)
than with (stateless) firewalling of the 2.2.x kernels (unless you run a
user space stateful firewall utility such as spf, packaged for Debian
unstable but easily compilable from sources on potato).
I would not recommend allowing the outside world authorized ftp to a host
in your protected LAN: usernames and passwords are sent unencrypted, and a
sniffing "bad guy" could easily steal access to an (unprivileged) user
account on your ftp server. The bad guy avoids doing anything suspicious,
and patiently waits. Then, as soon as a local exploit is found to which
that computer is vulnerable, the bad guy becomes root...
Allowing only anonymous access is somewhat less risky (but still risky),
since you do not need to set up a full shell account for it and the only
way for an intruder to break in through it is through a security flaw in
the ftp daemon itself.
Bye
Giacomo
_________________________________________________________________
Giacomo Mulas <gmulas@ca.astro.it, giacomo.mulas@tin.it>
_________________________________________________________________
OSSERVATORIO ASTRONOMICO
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)
Tel.: +39 070 71180 216 Fax : +39 070 71180 222
_________________________________________________________________
"When the storms are raging around you, stay right where you are"
(Freddy Mercury)
_________________________________________________________________
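
Added example, not part of the message above or of any firewall's code: a toy model of case 2 (LAN client, active ftp to the outside), contrasting the static rule a stateless filter has to carry with a tracker that reads the PORT command on the control channel. The packet dictionaries, addresses and the `FtpTracker` class are constructed for illustration, and no NAT or masquerading is assumed.

```python
import re

# RFC 959 "PORT h1,h2,h3,h4,p1,p2": in active mode the client tells the
# server which address/port to connect back to for the data channel.
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$", re.I)

def parse_port(line):
    """Return (ip, port) announced by a PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def stateless_allows(pkt):
    """Static rule a stateless filter needs: ftp-data (20) -> any high port."""
    return pkt["sport"] == 20 and pkt["dport"] >= 1024

class FtpTracker:
    """Toy stateful filter for LAN clients doing active ftp to the outside."""
    def __init__(self):
        self.expected = set()  # (server_ip, client_ip, client_port)

    def control_line(self, client_ip, server_ip, line):
        announced = parse_port(line)
        # Ignore a PORT that names some host other than the client itself.
        if announced and announced[0] == client_ip:
            self.expected.add((server_ip, client_ip, announced[1]))

    def allows(self, pkt):
        key = (pkt["src"], pkt["dst"], pkt["dport"])
        if pkt["sport"] == 20 and key in self.expected:
            self.expected.discard(key)  # one data connection per PORT
            return True
        return False

def demo():
    """Constructed traffic (documentation addresses), no NAT assumed."""
    client, server, other = "192.0.2.10", "198.51.100.5", "203.0.113.9"
    fw = FtpTracker()
    fw.control_line(client, server, "PORT 192,0,2,10,19,137\r\n")
    data = {"src": server, "sport": 20, "dst": client, "dport": 5001}
    stray = {"src": other, "sport": 20, "dst": client, "dport": 6000}
    return [(stateless_allows(p), fw.allows(p)) for p in (data, stray, data)]
```

`demo()` returns one `(stateless, stateful)` verdict per packet: the static rule accepts all three inbound connections, while the tracker accepts only the first one, the data connection the client actually announced.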