Hi,
what are recommended ways of securing ftp access from internal networks to the internet?
Regards, Jochen
On 1 Mar 2000, Jochen Lillich wrote:
Hi,
what are recommended ways of securing ftp access from internal networks to the internet?
The FTP-Proxy from the SuSE Proxy-Suite: http://proxy-suite.suse.de/ can be used for this purpose (look at config option AllowMagicUser)
Regards, Jochen
Volker
-- Volker Wiegand Phone: +49 (0) 6196 / 50951-24 SuSE Linux AG Fax: +49 (0) 6196 / 40 96 07 Mergenthalerallee 45-47 Mobile: +49 (0) 179 / 292 66 76 D-65760 Eschborn E-Mail: Volker.Wiegand@suse.de ++ Only users lose drugs. Or was it the other way round? ++
HiHO...
what are recommended ways of securing ftp access from internal networks to the internet?
the most important thing ist to disable active ftp and only allow passive mode.
so you can filter it with ipchains, when you allow outgoing packets with and without ack-bit set to port 20 and 21 and incoming packets from port 20 and 21 *with* ack-bit set.
stephan
____________________________________________________________ | .~. s.martin@odn.de | | /V\ fon +49(0)911.2256 03 | | /( )\ fax +49(0)911.2256 06 | | ^`~'^ mobile +49(0)173.380 43 12 | | pgp: http://www.xhponozon.com/keys/stephan.asc | |___________________________________________________________|
HiHO...
what are recommended ways of securing ftp access from internal networks to the internet?
what i did forget in my last mail- you should not only filter, you should use a proxy and not allow masquerading...
so far...
____________________________________________________________ | .~. s.martin@odn.de | | /V\ fon +49(0)911.2256 03 | | /( )\ fax +49(0)911.2256 06 | | ^`~'^ mobile +49(0)173.380 43 12 | | pgp: http://www.xhponozon.com/keys/stephan.asc | |___________________________________________________________|
-
Jochen Lillich -
Stephan Martin -
Volker Wiegand