On Tuesday 28 May 2002 18:43, Ramin Alidousti wrote:
<SNIP>
> Say it again! "Passive ftp requires...both incoming and outgoing" ???
>
> 1) Passive does not require both incoming and outgoing. Only outgoing
> for your clients and incoming if you have a server inside.
>

I meant 'you have to allow traffic out (to establish the connection) and in (to receive the responses / data)'.

> 2) You actually don't need to explicitly open all 'high' ports, 1024
> upwards. Use the state "RELATED" instead. That's why netfilter has
> this cool notion anyway.

If you use the -m state without specifying -p and --sport and/or --dport, then doesn't that imply any port that matches the state you specified?

>
> Ramin
>
> > Yes, but with Passive you get two connections opened outbound, which the
> > ftp module should be able to keep track of anyway so you won't need to
> > open all the high ports; which IMHO is better than Active, when a
> > connection is opened back into the client from the server.
> > With active there are also two connections (20=data and 21=control)
> > <HUGE snip>
-- 
----------------------------------------
Ray Leach (Technical Network Specialist)
Knowledge Factory
www: http://www.knowledgefactory.co.za
Tel: +27-11-445-8100
Direct: 445-8263
Fax: +27-11-445-8101
"No matter where you go, there you are."
----------------------------------------
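
An added example, not part of the thread and not netfilter's own code: a small Python model of how an FTP conntrack helper turns the port announced in a PASV reply into a single RELATED connection, so a port-less `-m state --state ESTABLISHED,RELATED` rule matches any port but only for connections in that state. The class and function names, the addresses and the 227 reply are constructed for illustration, and the rule set in the docstring is an assumed client-side policy.

```python
import re

# Simplified model of connection tracking with an FTP helper (not kernel code).
PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

class Conntrack:
    def __init__(self):
        self.expected = set()  # (client, server, port) data channels announced via PASV

    def control_reply(self, client, server, line):
        """Inspect a server reply seen on the tracked control connection (port 21)."""
        m = PASV_RE.match(line)
        if not m:
            return None
        *ip, p1, p2 = (int(x) for x in m.groups())
        if max(*ip, p1, p2) > 255:
            return None
        # Model assumption: only accept a data address equal to the control peer.
        if ".".join(map(str, ip)) != server:
            return None
        port = p1 * 256 + p2
        self.expected.add((client, server, port))
        return port

    def classify(self, src, dst, dport):
        """Conntrack state for the first packet (SYN) of an outbound connection."""
        key = (src, dst, dport)
        if key in self.expected:
            self.expected.discard(key)  # an expectation is consumed by one connection
            return "RELATED"
        return "NEW"

def verdict(state, dport):
    """Models: -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
               -A OUTPUT -p tcp --dport 21 -m state --state NEW -j ACCEPT
               -P OUTPUT DROP"""
    if state in ("ESTABLISHED", "RELATED") or (state == "NEW" and dport == 21):
        return "ACCEPT"
    return "DROP"

def demo():
    ct, client, server = Conntrack(), "192.0.2.10", "198.51.100.5"  # constructed addresses
    out = [(21, verdict(ct.classify(client, server, 21), 21))]
    # Constructed 227 reply: port = 195*256 + 80 = 50000
    port = ct.control_reply(client, server, "227 Entering Passive Mode (198,51,100,5,195,80)")
    for dport in (port, port, 6000):  # expected data port, a replay of it, an unrelated port
        out.append((dport, verdict(ct.classify(client, server, dport), dport)))
    return out

if __name__ == "__main__":
    print(demo())
```

Only the first connection to the announced port is accepted; the repeat and the unrelated high port stay NEW and fall through to the DROP policy.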
