Re: bloody ftpd connection again
- To: "Jedi/Sector One" <j@pureftpd.org>
- Subject: Re: bloody ftpd connection again
- From: "Darren Spruell" <Darren_Spruell@sento.com>
- Date: Mon, 4 Feb 2002 11:45:00 -0700
- Cc: <misc@openbsd.org>
Thanks. I realize this doesn't apply to this list, but does anyone know
the correct syntax for this redirect on a Cisco 678 (CBOS)?
--
Darren Spruell
Sento IS Dep't
darren_spruell@sento.com
-----Original Message-----
From: Jedi/Sector One [mailto:j@pureftpd.org]
Sent: Monday, February 04, 2002 11:39 AM
To: Darren Spruell
Cc: misc@openbsd.org
Subject: Re: bloody ftpd connection again
On Mon, Feb 04, 2002 at 11:23:15AM -0700, Darren Spruell wrote:
> Someone else suggested making sure that 20 and 21 are open on the
> firewall; I don't have a firewall, only a Cisco 678 DSL router with 20
> and 21 TCP redirected into the LAN to the FTP server. Both are open.
No need to open port 20. Port 20 is a source port for outgoing
connections, no one from the internet should ever connect to port 20 of
your server.
Port 21 is mandatory. But not enough. In passive mode, the server chooses
a random port (from 1024 to 65535) to send the data. You have to redirect
all these ports. You can also restrict the range, and only redirect the
same ports.
--
 __  /*- Frank DENIS (Jedi/Sector One) <j@42-Networks.Com> -*\  __
 \ '/ <a href="http://www.PureFTPd.Org/"> Secure FTP Server </a> \' /
  \/ <a href="http://www.Jedi.Claranet.Fr/"> Misc. free software </a> \/
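
Added example, not part of the original thread: a Python check of the passive-mode point made in the quoted reply. It parses the server's 227 replies, computes the data port the client will connect to, and tests it against the port ranges a router redirects. The sample replies, the 192.0.2.10 address and the 30000-30100 range are constructed assumptions.

```python
import re

# The six comma-separated numbers in an RFC 959 "227 Entering Passive Mode" reply.
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(reply):
    """Return (ip, port) advertised by a 227 reply, or raise ValueError."""
    if not reply.startswith("227"):
        raise ValueError("not a 227 reply: %r" % reply)
    m = PASV_RE.search(reply)
    if m is None:
        raise ValueError("no h1,h2,h3,h4,p1,p2 tuple in: %r" % reply)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in: %r" % reply)
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port = p1*256 + p2
    return ip, port


def is_forwarded(port, forwards):
    """True if port falls inside any (first, last) range the router redirects."""
    return any(first <= port <= last for first, last in forwards)


def audit(replies, forwards):
    """Map each advertised data port to whether the router would pass it."""
    result = {}
    for reply in replies:
        _, port = parse_pasv(reply)
        result[port] = is_forwarded(port, forwards)
    return result


# Constructed sample replies (192.0.2.10 is a documentation address).
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,117,48)",   # 117*256+48  = 30000
    "227 Entering Passive Mode (192,0,2,10,117,148)",  # 117*256+148 = 30100
    "227 Entering Passive Mode (192,0,2,10,203,12)",   # 203*256+12  = 51980
]

# Assumed router setups: control port only, then control port plus a restricted range.
ONLY_CONTROL = [(21, 21)]
WITH_RANGE = [(21, 21), (30000, 30100)]

if __name__ == "__main__":
    for name, fw in (("21 only", ONLY_CONTROL), ("21 + 30000-30100", WITH_RANGE)):
        print(name, audit(SAMPLE_REPLIES, fw))
```

With only port 21 redirected, every passive data connection is dropped; with the range redirected, only ports the server picks outside that range fail, which is why the server's passive range has to be restricted to match.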