
Re: bloody ftpd connection again



On Mon, Feb 04, 2002 at 11:23:15AM -0700, Darren Spruell wrote:
> Someone else suggested making sure that 20 and 21 are open on the
> firewall; I don't have a firewall, only a Cisco 678 DSL router with 20
> and 21 TCP redirected into the LAN to the FTP server.  Both are open.

  No need to open port 20. Port 20 is a source port for outgoing
connections, no one from the internet should ever connect to port 20 of your
server.
  Port 21 is mandatory. But not enough. In passive mode, the server chooses
a random port (from 1024 to 65535) to send the data. You have to redirect
all these ports. You can also restrict the range, and only redirect the same
ports.

-- 
 __  /*-      Frank DENIS (Jedi/Sector One) <j@42-Networks.Com>     -*\  __
 \ '/    <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a>    \' /
  \/  <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a>  \/
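
Added example, not part of the original message: a Python check that decodes the data port a server announces in its passive-mode `227` reply and tests whether it falls inside the range redirected on the router. The forwarded range and the sample replies are constructed, and the RFC 1918 address check goes beyond what the message covers.

```python
import ipaddress
import re

# Assumed values for illustration (constructed, not from the original message).
FORWARDED_RANGE = (30000, 30049)  # passive ports redirected on the router
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (203,0,113,10,117,60)",  # port 30012
    "227 Entering Passive Mode (203,0,113,10,195,80)",  # port 50000
    "227 Entering Passive Mode (192,168,1,5,117,48)",   # LAN address, port 30000
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (host, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    match = PASV_RE.search(reply)
    if not reply.startswith("227") or match is None:
        raise ValueError("not a passive-mode reply: %r" % reply)
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port is p1*256 + p2
    return host, port


def check_reply(reply, forwarded=FORWARDED_RANGE):
    """List the reasons a client outside the NAT could not open the data connection."""
    host, port = parse_pasv(reply)
    problems = []
    if not forwarded[0] <= port <= forwarded[1]:
        problems.append("port %d is outside the redirected range %d-%d"
                        % (port, forwarded[0], forwarded[1]))
    if any(ipaddress.ip_address(host) in net for net in RFC1918):
        problems.append("server announced LAN address %s" % host)
    return problems


if __name__ == "__main__":
    for line in SAMPLE_REPLIES:
        print(parse_pasv(line), check_reply(line) or "ok")
```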