On Thu, Sep 01, 2005 at 01:15:54PM +0200, Ansgar -59cobalt- Wiechers wrote:
> Wrong. Port 20/tcp on the server is *only* needed for *active* FTP (and
> would then have to be a --sport anyway, since the server initiates the
> data connection). Passive FTP uses TCP ports above 1023 for the data
> connection, which is initiated by the client. However, with connection
> tracking enabled, you only need to allow 21/tcp for either active or
> passive FTP, since the data connection will be RELATED to the already
> ESTABLISHED control connection.

I stand corrected. I somehow assumed that outbound connections would be allowed to any port. But that doesn't make sense and was quite ignorant of everything written in this thread, sorry.

-- 
Stephan
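
Added example, not part of the original messages: a ruleset for an FTP server that opens only the control port by number and admits data connections solely as RELATED to it, for both active and passive mode. The function name, the default-drop policies and the use of current module names (nf_conntrack_ftp, `-m conntrack`, the CT target) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): print an iptables-restore ruleset for
# an FTP *server*. Assumes the nf_conntrack_ftp helper module is available.
# $1 = control port (assumed default: 21).
ftp_server_ruleset() {
    port=${1:-21}
    cat <<EOF
*raw
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Attach the FTP helper to the control connection explicitly; recent kernels
# no longer assign conntrack helpers automatically.
-A PREROUTING -p tcp --dport ${port} -j CT --helper ftp
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Packets of connections that were already accepted, in both directions.
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
# Control connection: the only port opened by number.
-A INPUT -p tcp --dport ${port} -m conntrack --ctstate NEW -j ACCEPT
# Passive data: the client connects in to a port the server announced.
# Accepted only because the FTP helper expected it (RELATED).
-A INPUT -p tcp -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
# Active data: the server connects out to the port the client announced.
-A OUTPUT -p tcp -m conntrack --ctstate RELATED -m helper --helper ftp -j ACCEPT
COMMIT
EOF
}

# Syntax-check without loading (as root):
#   ftp_server_ruleset | iptables-restore --test
```

The helper can only read the PORT/PASV exchange on a cleartext control connection, so these RELATED rules do not cover FTP over TLS.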

