HiHO...
what are recommended ways of securing ftp access from internal networks to the internet?
the most important thing ist to disable active ftp and only allow passive mode. so you can filter it with ipchains, when you allow outgoing packets with and without ack-bit set to port 20 and 21 and incoming packets from port 20 and 21 *with* ack-bit set. stephan ____________________________________________________________ | .~. s.martin@odn.de | | /V\ fon +49(0)911.2256 03 | | /( )\ fax +49(0)911.2256 06 | | ^`~'^ mobile +49(0)173.380 43 12 | | pgp: http://www.xhponozon.com/keys/stephan.asc | |___________________________________________________________|