On Thu, Sep 01, 2005 at 01:15:54PM +0200, Ansgar -59cobalt- Wiechers wrote:
> Wrong. Port 20/tcp on the server is *only* needed for *active* FTP (and
> would then have to be a --sport anyway, since the server initiates the
> data connection). Passive FTP uses TCP ports above 1023 for the data
> connection, which is initiated by the client. However, with connection
> tracking enabled, you only need to allow 21/tcp for either active or
> passive FTP, since the data connection will be RELATED to the already
> ESTABLISHED control connection.
I stand corrected. I somehow assumed that outbound connections would be
allowed to any port. But that doesn't make sense and was quite ignorant
of everything written in this thread, sorry.
--
Stephan
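
The RELATED behaviour described in the quoted reply can be modelled in a few lines. The following is an added example, not part of the original thread and not netfilter code: a toy stateful filter whose FTP helper reads PORT commands and 227 replies on the control channel and registers a one-shot expectation for the announced data connection. The class name, method names and the addresses in the usage are assumptions made for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as carried in a PORT command or a 227 reply (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

class FtpTracker:
    """Toy model: only NEW connections to 21/tcp and RELATED ones are accepted."""

    def __init__(self, server_ip):
        self.server_ip = server_ip
        self.control = set()    # (client_ip, client_port) of accepted control connections
        self.expected = set()   # (src_ip, dst_ip, dst_port) of announced data connections

    def syn(self, src, sport, dst, dport):
        """Classify a TCP SYN; returns (state, accepted)."""
        key = (src, dst, dport)
        if key in self.expected:
            self.expected.discard(key)          # an expectation matches once
            return ("RELATED", True)
        if dst == self.server_ip and dport == 21:
            self.control.add((src, sport))      # the single NEW rule: 21/tcp
            return ("NEW", True)
        return ("NEW", False)                   # no rule matches, dropped

    def inspect_control(self, client, cport, line, from_client):
        """Helper: parse one control-channel line and record the expectation."""
        if (client, cport) not in self.control:
            return                              # not a tracked control connection
        m = _HOSTPORT.search(line)
        if not m:
            return
        octets = [int(x) for x in m.groups()]
        if any(o > 255 for o in octets):
            return
        ip = ".".join(str(o) for o in octets[:4])
        port = octets[4] * 256 + octets[5]
        if from_client and line.upper().startswith("PORT "):
            # Active FTP: the server opens the data connection to the client.
            if ip == client:                    # toy policy: no third-party targets
                self.expected.add((self.server_ip, ip, port))
        elif not from_client and line.startswith("227 "):
            # Passive FTP: the client opens the data connection to the server.
            if ip == self.server_ip:
                self.expected.add((client, ip, port))
```
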