Re: Passive FTP [was: Yudit text-editor]
Alex Shnitman wrote:
> On the contrary. Normal FTP ("active") is when the client listens on a
> port, and tells the server to connect to it. For this to work the
> server should be allowed to go out to any port of a remote machine,
> which is OK. Passive FTP is when the _server_ listens on an arbitrary
> port and tells the client to connect to it. For this you have to allow
> incoming connections to any port on your firewall, which you _do not_
> want to (you usually deny everything and open certain ports such as
> 25, 80, {20,21} and so on).
This is not completely true. I don't know about other
firewalls, but Checkpoint's Firewall-1 has code which
handles passive FTP by examining the control connection
commands, so you don't have to open all ports.
--
Yuval El-Hanany         | Kawasaki GPZ500 '97 |
eyuval@netvision.net.il |                     | Have backpack,
Home : 972-3-5243488    | Debian Linux Inside | will travel
Work : 972-9-9586077-12 |                     |
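
A sketch of the kind of control-connection inspection the reply above describes, as an added example: it is not FireWall-1's code and not part of the original message. The class name, the addresses and the port policy are assumptions made for illustration.

```python
import re

# 227 carries h1,h2,h3,h4,p1,p2 (RFC 959); 229 carries only a port (RFC 2428).
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
EPSV_RE = re.compile(r"^229 .*?\(\|\|\|(\d{1,5})\|\)")

# Constructed server replies (documentation addresses), not captured traffic.
SAMPLE_REPLIES = [
    "220 ftp.example.org ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",    # 195*256+80 = 50000
    "227 Entering Passive Mode (198,51,100,7,195,81)",  # points at a third host
    "229 Entering Extended Passive Mode (|||50002|)",
]

class FtpPinholeTracker:
    """Hypothetical per-control-connection state for a filter in front of the server."""

    def __init__(self, client_ip, server_ip):
        self.client_ip, self.server_ip = client_ip, server_ip
        self.pinholes = set()  # pending (src_ip, dst_ip, dst_port), single use

    def on_server_line(self, line):
        """Inspect one server reply; return the pinhole it opens, or None."""
        m = PASV_RE.match(line)
        if m:
            octets = [int(x) for x in m.groups()]
            ip = ".".join(map(str, octets[:4]))
            port = octets[4] * 256 + octets[5]
            # Assumes no NAT: the advertised address must be the server itself.
            if max(octets) > 255 or ip != self.server_ip:
                return None
        else:
            m = EPSV_RE.match(line)
            if not m:
                return None
            port = int(m.group(1))
        # Assumed policy: never open a pinhole to a well-known service port.
        if not 1024 <= port <= 65535:
            return None
        hole = (self.client_ip, self.server_ip, port)
        self.pinholes.add(hole)
        return hole

    def allow_data_connection(self, src_ip, dst_ip, dst_port):
        """Permit a new inbound connection only if it consumes a pending pinhole."""
        hole = (src_ip, dst_ip, dst_port)
        allowed = hole in self.pinholes
        self.pinholes.discard(hole)
        return allowed
```

Inspection of this kind depends on a cleartext control channel; when the control connection is encrypted, the filter cannot read the 227/229 replies.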