Mailinglist Archive: opensuse (3378 mails)

Re: [SLE] passive ftp
  • From: Anders Johansson <andjoh@xxxxxxxxxxxxxxxxxxxxx>
  • Date: Tue, 23 Apr 2002 17:49:27 +0200
  • Message-id: <200204231749.27349.andjoh@xxxxxxxxxxxxxxxxxxxxx>
On Tuesday 23 April 2002 17:40, Michael Garabedian wrote:
> It has something to do with the ports...
> Passive and active use two different ports. Find out what passive uses
> and make sure it is set up to accept it.

Active ftp means that the data connection is established from port 20 on the
server to a high port (> 1023) on the client. This means that the client has
to open up its firewall to high port connections, which can potentially be a
security hole.

Passive ftp on the other hand means that the data connection is established
from the client to a high port on the server. This means that the client
never has to accept inbound connections, and therefore won't have to open his
firewall.

On the other hand, the server will have to open *its* high ports.
Theoretically, you should only have to put "ftp-data" in the
"FW_ALLOW_INCOMING_HIGHPORTS_TCP" section of firewall.rc.config, but that has
never worked for me. Put "yes" there and everything should work as intended,
though make sure you don't have other things running on the server that
listen to high ports, such as X.

regards
Anders
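
Added example, not part of the original message: a Python parser for the control-channel lines that negotiate the FTP data connection (the client's `PORT` command in active mode, the server's `227`/`229` replies in passive mode), reporting which side listens and so which firewall has to accept the inbound connection. It goes beyond the message by using the wire formats from RFC 959 and RFC 2428, which the message does not quote; the function names, sample lines and addresses are constructed for illustration.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal bytes).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 EPSV reply body, e.g. (|||50123|); the delimiter is repeated.
_EPSV = re.compile(r"\((.)\1\1(\d{1,5})\1\)")


def _hostport(text):
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field in %r" % text)
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        raise ValueError("byte out of range in %r" % text)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_channel(line):
    """Return who listens for the data connection announced by one control line.

    The 'listener' side is the one whose firewall must accept an inbound
    TCP connection on 'port'; the other side only connects outbound.
    """
    line = line.strip()
    if line[:5].upper() == "PORT ":          # sent by the client: active mode
        host, port = _hostport(line[5:])
        mode, listener = "active", "client"
    elif line.startswith("227"):             # sent by the server: passive mode
        host, port = _hostport(line[3:])
        mode, listener = "passive", "server"
    elif line.startswith("229"):             # extended passive, port only
        m = _EPSV.search(line)
        if not m or not 0 < int(m.group(2)) < 65536:
            raise ValueError("bad EPSV reply %r" % line)
        host, port = None, int(m.group(2))   # same address as the control channel
        mode, listener = "passive", "server"
    else:
        raise ValueError("not a data-channel negotiation line: %r" % line)
    return {"mode": mode, "listener": listener, "host": host,
            "port": port, "high_port": port > 1023}


# Constructed sample control-channel lines (documentation addresses).
SAMPLES = ["PORT 198,51,100,7,4,1",
           "227 Entering Passive Mode (192,0,2,10,195,80)",
           "229 Entering Extended Passive Mode (|||50123|)"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", data_channel(s))
```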
