RE: Passive FTP

From: Roberto Alcantara (roberto_at_fortalnet.com.br)
Date: 06/01/05

Next message: Nathan House: "Credit Card Crack Down"

Previous message: Harlan Carvey: "re: aretzj.exe -- reappearing unknown system file"
In reply to: Tim.BUTTON_at_Dest.gov.au: "RE: Passive FTP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 1 Jun 2005 08:31:46 -0300 (BRT)
To: security-basics@securityfocus.com

Thank you of your and all others answers.

I will look more about proftp and vftp config to see about IP range to
passive mode.

Best regards,
Roberto Alcântara

On Wed, 1 Jun 2005 Tim.BUTTON@dest.gov.au wrote:

>
> It will depend on if your firewall does stateful inspection or not and
> how it handles FTP in general. FW1, Gauntlet, Sidewinder and Cyberguard
> all inspect the FTP traffic and are able to recognise the outgoing data
> connection from the client to the server - therefore, the only rule you
> need to add is the one to allow the client to go outbound to the server
> on 21. I'm unsure about devices such as Pix.
>
> FWIW, I've found most devices actually handle passive better than they
> do active....
>
> Cheers
> Tim
>
>
>
> -----Original Message-----
> From: Roberto Alcantara [mailto:roberto@fortalnet.com.br]
> Sent: Tuesday, 31 May 2005 23:09
> To: security-basics@securityfocus.com
> Subject: Passive FTP
>
> Guys, to able my FTP users in passive mode need I realy accept in my
> firewall connections from 1024-65535 ports ?
>
> Best regards,
> Roberto
>
>
> Notice:
> The information contained in this e-mail message and any attached files may
> be confidential information, and may also be the subject of legal
> professional privilege. If you are not the intended recipient any use,
> disclosure or copying of this e-mail is unauthorised. If you have received
> this e-mail in error, please notify the sender immediately by reply e-mail
> and delete all copies of this transmission together with any attachments.
>
>
>

-- 
   Roberto Alcantara Filho          e-mail:  roberto@fortalnet.com.br
   Técnico de CPD , FORTALNET       url:  http://www.fortalnet.com.br
   Provedor de Acesso à Internet    fone/fax:      (+55) 85 4005 8000

Next message: Nathan House: "Credit Card Crack Down"

Previous message: Harlan Carvey: "re: aretzj.exe -- reappearing unknown system file"
In reply to: Tim.BUTTON_at_Dest.gov.au: "RE: Passive FTP"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: FTP Client issues
... when I use FileZilla or smartFTP, ... 227 Entering Passive Mode. ... > after logging on the FTP server: ... > | Thread-Topic: FTP Client issues ...
(microsoft.public.windows.server.sbs)
Re: FTP on IIS6.0 Not Working
... can you login via ftp.exe to your IIS server? ... >From a remote machine using ftp.exe I can login and it accepts my password. ... (that's without passive mode checked...with passive mode checked it just ... server seem to indicate that I successfully logged in to ftp, ...
(microsoft.public.inetserver.iis.ftp)
Odd ftpd Problem
... My ftpd server fails when requesting passive mode from an internet client, ... I have a separate multi-homed server for the network firewall. ... except for the ftp passive mode. ...
(linux.redhat.misc)
Re: FTP server behind a PF firewall (including NAT)
... > Thank you, but I have a working PF configuration for FTP clients, both ... > for active and passive mode. ... > this firewall) that allows both active mode and passive mode clients. ... > Active-mode transfers are the easiest (again, allow connections to all ...
(comp.unix.bsd.freebsd.misc)
Re: Is ftp://sunsolve.sun.com ok?
... >>but using ftp was not successful, UNTIL i turned passive mode on, then it ... 220-Welcome to the SunSolve Online FTP server. ... 220-Contract customers should use the following 2-tier login procedure: ... 250 CWD command successful. ...
(comp.unix.solaris)