mailing list archives
RE: Passive FTP
From: <Tim.BUTTON () Dest gov au>
Date: Wed, 1 Jun 2005 08:23:43 +1000 (EST)
It will depend on if your firewall does stateful inspection or not and
how it handles FTP in general. FW1, Gauntlet, Sidewinder and Cyberguard
all inspect the FTP traffic and are able to recognise the outgoing data
connection from the client to the server - therefore, the only rule you
need to add is the one to allow the client to go outbound to the server
on 21. I'm unsure about devices such as Pix.
FWIW, I've found most devices actually handle passive better than they
From: Roberto Alcantara [mailto:roberto () fortalnet com br]
Sent: Tuesday, 31 May 2005 23:09
To: security-basics () securityfocus com
Subject: Passive FTP
Guys, to able my FTP users in passive mode need I realy accept in my
firewall connections from 1024-65535 ports ?
The information contained in this e-mail message and any attached files may
be confidential information, and may also be the subject of legal
professional privilege. If you are not the intended recipient any use,
disclosure or copying of this e-mail is unauthorised. If you have received
this e-mail in error, please notify the sender immediately by reply e-mail
and delete all copies of this transmission together with any attachments.