
Re: rules for FTP access



On Thu, Sep 01, 2005 at 01:15:54PM +0200, Ansgar -59cobalt- Wiechers wrote:
> Wrong. Port 20/tcp on the server is *only* needed for *active* FTP (and
> would then have to be a --sport anyway, since the server initiates the
> data connection). Passive FTP uses TCP ports above 1023 for the data
> connection, which is initiated by the client. However, with connection
> tracking enabled, you only need to allow 21/tcp for either active or
> passive FTP, since the data connection will be RELATED to the already
> ESTABLISHED control connection.

I stand corrected. I somehow assumed that outbound connections would be
allowed to any port. But that doesn't make sense and was quite ignorant
of everything written in this thread, sorry.

--
Stephan
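
Added example, not part of the original message and not netfilter's own code: a simplified Python model of how an FTP connection-tracking helper reads the control channel on 21/tcp to learn the upcoming data connection, which is why that connection is RELATED in both active and passive mode. The function names, the same-peer address check and the sample addresses are assumptions made for illustration.

```python
import re

# Simplified model of an FTP conntrack helper (hypothetical names, not kernel code).
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r?$")
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def _endpoint(match):
    """Decode h1,h2,h3,h4,p1,p2 into (ip, port); None if any octet is > 255."""
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expect_from_control(line, from_client, client_ip, server_ip):
    """Return the expected data connection (mode, src_ip, dst_ip, dst_port) or None."""
    if from_client:
        # Active FTP: client announces where the server should connect to.
        m, mode, src, dst = PORT_RE.match(line), "active", server_ip, client_ip
    else:
        # Passive FTP: server announces a port above 1023 for the client to connect to.
        m, mode, src, dst = PASV_RE.match(line), "passive", client_ip, server_ip
    ep = _endpoint(m) if m else None
    if ep is None:
        return None
    ip, port = ep
    # Assumption of this model: only accept an address equal to the control peer,
    # so a control line cannot open a path to a third host.
    if ip != dst:
        return None
    return (mode, src, dst, port)

def classify(syn, expectations):
    """syn = (src_ip, dst_ip, dst_port); RELATED only if an expectation matches."""
    for _mode, src, dst, port in expectations:
        if syn == (src, dst, port):
            return "RELATED"
    return "NEW"

# Constructed sample addresses (documentation ranges).
CLIENT, SERVER = "192.0.2.10", "198.51.100.5"

def demo():
    exp = [
        expect_from_control("PORT 192,0,2,10,195,80\r", True, CLIENT, SERVER),
        expect_from_control("227 Entering Passive Mode (198,51,100,5,234,96).",
                            False, CLIENT, SERVER),
    ]
    return exp, classify((CLIENT, SERVER, 60000), exp), classify((CLIENT, SERVER, 60001), exp)
```
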


