On Tue, May 28, 2002 at 04:26:32PM +0100, Nick Drage wrote:
> On Tue, May 28, 2002 at 07:17:38AM +0200, Raymond Leach wrote:
> > Neither active nor passive ftp is secure... both use (by default) plain text
> > passwords when authenticating.
> >
> > Active ftp requires the least number of ports to be opened through your
> > firewall, i.e. 2 (20 and 21).
> > Passive ftp requires (potentially) all 'high' ports, 1024 upwards both
> > incoming and outgoing ...

Say it again! "Passive ftp requires...both incoming and outgoing" ???

1) Passive does not require both incoming and outgoing. Only outgoing for
   your clients and incoming if you have a server inside.
2) You actually don't need to explicitly open all 'high' ports, 1024
   upwards. Use the state "RELATED" instead. That's why netfilter has this
   cool notion anyway.

Ramin

>
> Yes, but with Passive you get two connections opened outbound, which the ftp
> module should be able to keep track of anyway so you won't need to open all
> the high ports; which IMHO is better than Active, when a connection is
> opened back into the client from the server.
>
> <HUGE snip>
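
What the "RELATED" state depends on for FTP, as an added example that is not part of the original message and is not netfilter's code: a toy tracker that reads PASV replies and PORT commands on the control channel and marks only the announced data connection as RELATED. The class and function names, the same-address check, and the documentation-range addresses are assumptions made for illustration.

```python
import re

# Both messages carry "h1,h2,h3,h4,p1,p2": an IPv4 address plus a port split in two bytes.
_PASV = re.compile(r"^227 \D*(\d{1,3}(?:,\d{1,3}){5})\D*$")      # server reply
_PORT = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\s*$", re.I)  # client command


def parse_endpoint(field):
    """Turn 'h1,h2,h3,h4,p1,p2' into (ip, port); None if any number exceeds 255."""
    nums = [int(n) for n in field.split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class FtpTracker:
    """Toy model of a stateful firewall's FTP helper (illustration only)."""

    def __init__(self, client, server):
        self.client, self.server = client, server
        self.expected = set()  # (src_ip, dst_ip, dst_port) not yet seen

    def control_line(self, sender, line):
        """Inspect one control-channel line; record the data connection it announces."""
        if sender == self.server:
            m, src = _PASV.match(line), self.client  # passive: client dials out
        else:
            m, src = _PORT.match(line), self.server  # active: server dials back
        ep = parse_endpoint(m.group(1)) if m else None
        # Accept only the sender's own address, so the control channel
        # cannot be used to open a path to a third host.
        if ep and ep[0] == sender:
            self.expected.add((src, ep[0], ep[1]))

    def classify(self, src, dst, dport):
        """State a new connection attempt would get: RELATED or NEW."""
        key = (src, dst, dport)
        if key in self.expected:
            self.expected.discard(key)  # one expectation admits one connection
            return "RELATED"
        return "NEW"


if __name__ == "__main__":
    # Constructed session using documentation-range addresses.
    fw = FtpTracker(client="198.51.100.7", server="192.0.2.10")
    fw.control_line("192.0.2.10", "227 Entering Passive Mode (192,0,2,10,195,80)")
    print(fw.classify("198.51.100.7", "192.0.2.10", 50000))  # announced port
    print(fw.classify("198.51.100.7", "192.0.2.10", 50001))  # unannounced port
```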
