Hello,

As far as iptables goes, you have full support for passive mode FTP via the conntrack ftp module. Just use state matching (established, related) and passive mode will work fine. As far as security goes, I don't think there is much difference between using the conntrack ftp module or just allowing port 21 and 22 access to your FTP machine. Concentrate more on your FTP settings if you're concerned about security.

And just in case I didn't understand you correctly and you're not even running an FTP server, just wondering about clients going out to the Internet and connecting to different FTP servers, just go with passive mode. Conntrack and match should enable you to build a more clean/fit firewall. Anyway, I think most of the info about it you'd need is on the netfilter.samba.org website.

Regards,
Amadej.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Arman Magluyan
Sent: Sunday, May 26, 2002 8:20 AM
To: [EMAIL PROTECTED]
Subject: Active or Passive FTP ?

Can anyone please direct me to some on-line information that would tell me which one of the above subject is secured. I have ftp clients access internet, and would like to know if it is secure giving them active or passive ftp. Would appreciate any suggestion or on-line info.
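
Added example, not part of the thread and not netfilter code: a simplified Python model of how an FTP connection-tracking helper lets the data connection match RELATED, which is what the reply above relies on for passive mode. The class and function names, the addresses, and the "NEW only to port 21" client policy are assumptions made for illustration.

```python
import re

# Simplified model for illustration; not netfilter code. Names are hypothetical.
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_endpoint(line):
    """Return (ip, port) from a PASV reply or PORT command (RFC 959), else None."""
    m = PASV_RE.match(line) or PORT_RE.match(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        return None                      # malformed octet: ignore the announcement
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

class Tracker:
    def __init__(self):
        self.established = set()         # (src, dst, dport) already accepted
        self.expected = set()            # data connections announced on port 21

    def control_line(self, client, server, line):
        """Inspect one control-channel line and record the expected data flow."""
        ep = parse_endpoint(line)
        if ep is None:
            return
        ip, port = ep
        # Model rule: the announced address must be the announcing peer itself.
        if line.startswith("227") and ip == server:
            self.expected.add((client, server, port))   # passive: client -> server
        elif line.startswith("PORT") and ip == client:
            self.expected.add((server, client, port))   # active: server -> client

    def classify(self, src, dst, dport):
        key = (src, dst, dport)
        if key in self.established:
            return "ESTABLISHED"
        if key in self.expected:         # one-shot expectation
            self.expected.discard(key)
            self.established.add(key)
            return "RELATED"
        return "NEW"

def verdict(tracker, src, dst, dport):
    """Assumed client policy: accept ESTABLISHED/RELATED, plus NEW to port 21."""
    state = tracker.classify(src, dst, dport)
    if state == "NEW" and dport == 21:
        tracker.established.add((src, dst, dport))
        return "ACCEPT"
    return "ACCEPT" if state in ("ESTABLISHED", "RELATED") else "DROP"
```

In the model, a high-port connection is accepted only after the control channel has announced it, so no static range of data ports has to be opened.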
