On Wed, 22 Oct 2008 12:13:30 -0700
Jeremy Chadwick <[EMAIL PROTECTED]> wrote:

>  Inbound: TCP port 21                 (main ftpd daemon)
>  Inbound: TCP ports 49152 to 65535    (used in FTP passive mode)
> Outbound: TCP port 20                 (used in FTP active mode)
> 
> Yes, you read that range correctly.  And yes, it's quite large.  Yes,
> there is a way to diminish it, but it will affect other programs on
> FreeBSD, so I do not recommend adjusting it.  It's controlled by
> sysctls.  See the -U option of ftpd, but note that it doesn't do
> anything for FreeBSD 5.0 or later.

As far as I remember, FTP servers (with the not so unexpected exception of MS
IIS' FTP service) can be configured to listen on specific ports for passive
transfers.

If you don't have a busy server, a few ports (10?) would do. Then you can
firewall it as needed.

This is, of course, an application (service) configuration as opposed to what
Jeremy mentioned, I believe, which relies on the server's "high ports"
definition, which yes, will affect the whole TCP stack in the server.

B
_________________________
{Beto|Norberto|Numard} Meijome

 I sense much NT in you.
 NT leads to Bluescreen.
 Bluescreen leads to downtime.
 Downtime leads to suffering.
 NT is the path to the darkside.
 Powerful Unix is.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
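
An added example, not part of the original message or of any FTP server's own code: once a server is limited to a small passive range and the firewall is opened only for it, the ports the server advertises in its 227 (PASV) and 229 (EPSV) replies can be checked against that range. The range 50000-50009 and the sample replies are constructed assumptions.

```python
import re

# Assumed passive range: ten ports, the size the post suggests for a quiet server.
PASV_RANGE = range(50000, 50010)

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)   -> port = p1*256 + p2
_PASV = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
# 229 Entering Extended Passive Mode (|||port|)   -> delimiter is repeated
_EPSV = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")

def passive_port(reply):
    """Return the data port advertised in a PASV/EPSV reply, or None."""
    m = _PASV.match(reply)
    if m:
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            return None  # malformed octet, not a usable address/port
        return fields[4] * 256 + fields[5]
    m = _EPSV.match(reply)
    if m:
        port = int(m.group(2))
        return port if 0 < port <= 65535 else None
    return None

def out_of_range(replies, allowed=PASV_RANGE):
    """Return (reply, port) pairs whose port the firewall rule would not cover."""
    bad = []
    for line in replies:
        port = passive_port(line)
        if port is not None and port not in allowed:
            bad.append((line, port))
    return bad

# Constructed control-channel replies (documentation address 192.0.2.10).
SAMPLE = [
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # 195*256+80 = 50000
    "229 Entering Extended Passive Mode (|||50009|)",
    "227 Entering Passive Mode (192,0,2,10,234,96)",   # 234*256+96 = 60000
    "229 Entering Extended Passive Mode (|||49152|)",
    "230 User logged in",
]

if __name__ == "__main__":
    for line, port in out_of_range(SAMPLE):
        print(f"port {port} outside {PASV_RANGE.start}-{PASV_RANGE.stop - 1}: {line}")
```

Any reply this flags means the server is still drawing data ports from outside the configured range, so passive transfers on those ports would be dropped by the narrowed firewall rule.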
