Re: A note about firewalls and ftp servers.

From: Peter H. Lemieux (phl@cyways.com)
Date: 09/28/01

• Previous message: Systems Administrator: "Re: Floppy Linuxes, Kickstart"
• Maybe in reply to: Rob 'Feztaa' Park: "A note about firewalls and ftp servers."
• Next in thread: Mark Boddington: "RE: A note about firewalls and ftp servers."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Message-ID: <3BB4DF0C.7A678BD3@cyways.com>
Date: Fri, 28 Sep 2001 16:35:24 -0400
From: "Peter H. Lemieux" <phl@cyways.com>
To: focus-linux@securityfocus.com
Subject: Re: A note about firewalls and ftp servers.

Craig Holmes wrote:
>
> Note that if your firewall is NAT, and your ftp server is on an internal
> computer, and you attempt to forward the port using a program such as
> ipmasqadm, it will not work.

I've successfully used the FTP proxy from SuSE for this task:

        ftp://ftp.suse.com/pub/projects/proxy-suite/

Here's an excerpt from its man page:

FTP-Proxy acts as an application level gateway between FTP clients
and servers. Its main purpose is to secure local FTP servers
against possibly insecure clients or malicious attacks. FTP-Proxy
is believed to be immune against current known attacks based on the FTP
protocol.

FTP-Proxy can be started from the inetd (or xinetd, or any other)
internet super daemon or executed on its own as a standalone
daemon, in which case it will fork child processes to handle
connections. The behaviour depends on the ftp-proxy.conf(5)
configuration option ServerType or the -i and -d command line
switches, where the latter two take precedence.

FTP-Proxy features a rich set of auditing and command restriction
capabilities and is specifically suited for deployment in firewall
environments.

You don't need to be running a SuSE distribution; the package compiles
with ./configure; make install.

Peter

PS: I hate lists where replies go to the poster and not the list!

---

• Previous message: Systems Administrator: "Re: Floppy Linuxes, Kickstart"
• Maybe in reply to: Rob 'Feztaa' Park: "A note about firewalls and ftp servers."
• Next in thread: Mark Boddington: "RE: A note about firewalls and ftp servers."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: FTP server behind a PF firewall (including NAT) ... How did you configure ftp-proxy on your firewall? ... proxying for FTP servers behind a PF firewall configured for NAT, ... "In the social equation, the value of a single life is nil; ... (comp.unix.bsd.freebsd.misc) Re: cant ftp after installing sp2 ... >From his spyware and virus infected Windoze box, Alias had this to say: ... > Download and install Sygate, www.sygate.com and get yourself a real ... > firewall and disable Microsoft's piss poor excuse for one. ... >> ftp servers and works when is turned off. ... (microsoft.public.windowsxp.general) Cant use FTP with WinXpProSp2 firewall on ... With Windows XP Pro, SP2, firewall on, I can not access FTP servers; ... as soon as I turn the firewall off, I can access all the FTP servers I ... (microsoft.public.windowsxp.work_remotely) Cant use FTP with WinXpProSp2 firewall ... With Windows XP Pro, SP2, firewall on, I can not access FTP servers; ... as soon as I turn the firewall off, I can access all the FTP servers I ... (microsoft.public.windowsxp.security_admin) Cant use FTP with Windows XP firewall ... With Windows XP Pro, SP2, firewall on, I can not access FTP servers; ... as soon as I turn the firewall off, I can access all the FTP servers I ... (microsoft.public.windowsxp.configuration_manage)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > focus-linux  > 2001-09