In the wise words of Renaud Chaillat:
> On Wednesday 18 April 2001 10:30, you wrote:
> > > - open tcp port 21 and all high ports (> 1024) on the firewall to allow
> > > passive clients
> > >
> > For option 2, it's not quite so bad. You can tell the FTP server to only
> > use the following ports, say 40000-50000, for passive connections. Then
> > you only have to open the firewall for those ports.
> >
>
> Yes, you're right, I had forgotten this :-)
>
> I hope kernel 2.4 will stabilize soon so that we can forget about all this!
Me too! It seems likely that they'll figure out what's broken within the next
few releases of 2.4.x. I was not very happy about the vulnerability
announcement in 2.4's firewalling -- I was also not surprised by it.
- Jay
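
An added example, not part of the original thread: when the FTP server is restricted to a passive range such as the 40000-50000 mentioned above, one way to confirm the firewall rule and the server setting agree is to decode the port from each `227` reply and check it against that range. The function names and the sample replies are constructed for illustration.

```python
import re

# Range taken from the thread's example ("say 40000-50000").
PASV_MIN, PASV_MAX = 40000, 50000

# RFC 959 passive reply: 227 ... (h1,h2,h3,h4,p1,p2); parentheses are optional in practice.
_PASV_RE = re.compile(
    r"^227[ -].*?(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)"
)

def parse_pasv(reply):
    """Return (ip, port) from a '227' reply, or None if it is malformed."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # data port = p1 * 256 + p2
    return ip, port

def audit(replies, lo=PASV_MIN, hi=PASV_MAX):
    """Classify each reply as 'ok', 'out-of-range' or 'malformed'."""
    results = []
    for reply in replies:
        parsed = parse_pasv(reply)
        if parsed is None:
            results.append((reply, "malformed"))
        elif lo <= parsed[1] <= hi:
            results.append((reply, "ok"))
        else:
            results.append((reply, "out-of-range"))
    return results

# Constructed sample replies (not captured from a real server).
SAMPLE = [
    "227 Entering Passive Mode (192,0,2,10,156,64)",  # 156*256+64 = 40000
    "227 Entering Passive Mode (192,0,2,10,195,80)",  # 195*256+80 = 50000
    "227 Entering Passive Mode (192,0,2,10,4,1)",     # 4*256+1 = 1025
    "227 Entering Passive Mode (192,0,2,10,300,1)",   # invalid octet
]

if __name__ == "__main__":
    for reply, verdict in audit(SAMPLE):
        print(f"{verdict:13} {reply}")
```

An "out-of-range" verdict means the server is handing out a data port the firewall rule would not cover, so the passive range setting has not taken effect.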