On Friday 06 July 2001 02:10, Steven Hatfield wrote:
On Thursday 05 July 2001 08:08 pm, Anders Johansson wrote:
You need to allow high incoming tcp ports.
Active ftp is the kind that uses port 20. When the client requests data, like in 'ls' or 'get', the server will open a connection from port 20 to the client. This way, the client will have to open up *its* firewall.
Passive ftp is considered safer - for the client, not necessarily for the server. There, the client tells the server which port to use, and it will open the connection itself, so all the client ever sees are outgoing connections.
Regards, Anders
On Friday 06 July 2001 01:44, Steven Hatfield wrote:
Hi all, I was wondering: how do you handle the allowing of passive FTP connections through a firewall? Maybe I'm just not doing something right. Right now, I have port 21 open on my firewall, so people can connect to me via FTP. I read somewhere that passive FTP uses port 20 for the data connection, so I opened that as well. Still, when people connect to my server, they type 'ls -l' and it just hangs until they kill it -- i.e. there is no data coming back to them.
Any help is appreciated, my firewall iptables script is available upon request.
Thanks, Steven
When you say "high incoming ports", which ports are you talking about? From which to which? I suppose this is safe, as long as I don't allow high OUTGOING ports, right?
Thanks for any help/advice, Steven
High ports are those numbered > 1023. The setting in firewall.rc.config is called FW_ALLOW_INCOMING_HIGHPORTS_TCP. Outgoing high ports should never be a problem, unless you have serious issues about your users accessing the internet. Every time you use, say, a browser, it will open a high outgoing tcp port to access the net. Anders
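The following is an added example, not code from this thread or from any of the participants. It models the situation Steven describes and the fix Anders suggests: a server-side INPUT chain that matches only on TCP destination port, a PASV reply from the FTP daemon in the RFC 959 form `227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)` (the data port is `p1*256 + p2`), and three rulesets: port 21 plus port 20 only, port 21 plus every high port (what FW_ALLOW_INCOMING_HIGHPORTS_TCP opens), and port 21 plus a narrow passive range. The IP address 192.0.2.10 and the passive range 50000-50100 are constructed values; the `to_iptables` helper renders the model as real `iptables` INPUT rules.

```python
"""Added example (not from the thread): why 'open 21 and 20' is not enough for
passive FTP, and what the server-side INPUT rules need to cover instead."""
import re
from dataclasses import dataclass
from typing import List, Tuple

# RFC 959 passive reply: 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)


def parse_pasv(reply: str) -> Tuple[str, int]:
    """Return the (ip, port) the server announced for the data connection."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError(f"not a 227 PASV reply: {reply!r}")
    h1, h2, h3, h4, p1, p2 = (int(g) for g in m.groups())
    port = p1 * 256 + p2
    if not 0 < port <= 65535:
        raise ValueError(f"bad port in PASV reply: {port}")
    return f"{h1}.{h2}.{h3}.{h4}", port


@dataclass(frozen=True)
class Rule:
    """One stateless INPUT rule: match TCP by destination-port range only."""
    dport_lo: int
    dport_hi: int
    target: str  # "ACCEPT" or "DROP"


def decide(rules: List[Rule], dport: int, policy: str = "DROP") -> str:
    """First matching rule wins, like an iptables chain; the chain policy applies otherwise."""
    for r in rules:
        if r.dport_lo <= dport <= r.dport_hi:
            return r.target
    return policy


def to_iptables(rules: List[Rule]) -> List[str]:
    """Render the model as iptables INPUT rules (real syntax; 'a:b' is a port range)."""
    out = []
    for r in rules:
        rng = str(r.dport_lo) if r.dport_lo == r.dport_hi else f"{r.dport_lo}:{r.dport_hi}"
        out.append(f"iptables -A INPUT -p tcp --dport {rng} -m state --state NEW -j {r.target}")
    return out


# Ruleset the original poster describes: control port 21 plus port 20.
RULES_21_AND_20 = [Rule(21, 21, "ACCEPT"), Rule(20, 20, "ACCEPT")]
# Anders' suggestion: additionally accept every high incoming TCP port (> 1023).
RULES_ALL_HIGH = RULES_21_AND_20 + [Rule(1024, 65535, "ACCEPT")]
# Narrower alternative: only the passive range the FTP daemon is configured to use.
# 50000-50100 is a constructed value; use whatever range your daemon advertises.
PASV_LO, PASV_HI = 50000, 50100
RULES_PASV_RANGE = RULES_21_AND_20 + [Rule(PASV_LO, PASV_HI, "ACCEPT")]


def passive_listing_works(rules: List[Rule], pasv_reply: str) -> bool:
    """The client's SYN for the data channel goes to the announced port; does INPUT accept it?"""
    _ip, port = parse_pasv(pasv_reply)
    return decide(rules, port) == "ACCEPT"


# Constructed server reply: 195*256 + 88 = 50008, inside the constructed passive range.
SAMPLE_PASV = "227 Entering Passive Mode (192,0,2,10,195,88)"

if __name__ == "__main__":
    for name, rs in [("21+20 only", RULES_21_AND_20),
                     ("all high ports", RULES_ALL_HIGH),
                     ("pasv range", RULES_PASV_RANGE)]:
        ok = passive_listing_works(rs, SAMPLE_PASV)
        print(f"{name:15} -> 'ls -l' data connection {'ACCEPTED' if ok else 'DROPPED (client hangs)'}")
    print("\n".join(to_iptables(RULES_PASV_RANGE)))
```

Running it shows the first ruleset dropping the data connection (the client's `ls -l` hangs exactly as described), while both of the others accept it. The difference between them is exposure: the all-high-ports rule also admits new connections to anything else listening above 1023, whereas the range rule admits only what the FTP daemon actually advertises, so if the daemon lets you pin its passive range, that is the smaller hole to open. Beyond what the thread covers, the Linux FTP connection-tracking helper (`ip_conntrack_ftp`, later `nf_conntrack_ftp`) can read the 227 reply itself and mark the single announced port as RELATED, which avoids a static high-port rule altogether.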