Mailinglist Archive: opensuse (3378 mails)

Re: [SLE] passive ftp
In practice, I have never had problems with this when connecting to *nix
servers, but always have to take down my firewall when connecting to Winduhs
machines.


On Tuesday, 23 April 2002 10:49, you wrote:
> On Tuesday 23 April 2002 17:40, Michael Garabedian wrote:
> > It has something to do with the ports...
> > Passive and active use two different ports. Find out what passive uses
> > and make sure it is set up to accept it.
>
> Active ftp means that the data connection is established from port 20 on
> the server to a high port (> 1023) on the client. This means that the
> client has to open up its firewall to high port connections, which can
> potentially be a security hole.
>
> Passive ftp on the other hand means that the data connection is established
> from the client to a high port on the server. This means that the client
> never has to accept inbound connections, and therefore won't have to open
> his firewall.
>
> On the other hand, the server will have to open *its* high ports.
> Theoretically, you should only have to put "ftp-data" in the
> "FW_ALLOW_INCOMING_HIGHPORTS_TCP" section of firewall.rc.config, but that
> has never worked for me. Put "yes" there and everything should work as
> intended, though make sure you don't have other things running on the
> server that listen to high ports, such as X.
>
> regards
> Anders
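
The two modes described in the thread can be read straight off the FTP control channel. The following is an added example, not part of the original mails: it decodes the RFC 959 host-port field in a `PORT` command (active) or a `227` reply (passive) and reports which side listens on the data port, and so which firewall has to accept the inbound connection. The function names are hypothetical and the sample lines are constructed, using documentation addresses.

```python
import re

# RFC 959 host-port field: h1,h2,h3,h4,p1,p2 (six decimal bytes).
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Constructed sample control-channel lines (documentation addresses).
SAMPLE_PORT = "PORT 192,0,2,7,19,137"
SAMPLE_PASV = "227 Entering Passive Mode (198,51,100,10,195,80)"


def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply."""
    m = _HOSTPORT.search(line)
    if m is None:
        raise ValueError("no host-port field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("byte out of range in %r" % line)
    # The port is sent as two bytes, high byte first.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def data_connection(line):
    """Say who opens the data connection and who must accept it."""
    ip, port = parse_hostport(line)
    verb = line.split(None, 1)[0].upper()
    if verb == "PORT":
        # Active: the client listens, the server connects from port 20.
        mode, listener, opener = "active", "client", "server:20"
    elif verb == "227":
        # Passive: the server listens, the client connects to it.
        mode, listener, opener = "passive", "server", "client"
    else:
        raise ValueError("not a PORT command or 227 reply: %r" % line)
    return {
        "mode": mode,
        "listener": listener,        # this side's firewall must accept inbound
        "connects_from": opener,
        "listen_addr": ip,
        "listen_port": port,
        "high_port": port > 1023,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_PORT, SAMPLE_PASV):
        print(sample, "->", data_connection(sample))
```
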
