David Krassen wrote:
> I am writing about the large amount of questions concerning ftp, ip
> chains and port 20. I was under the impression that once my Red Hat
> Linux box is set up that there would be no trouble receiving files via
> ftp.

correct. until you set up a firewall that prevents it :)

> As for sending files, I only want the box that has the Firewall to
> be able to receive files and then ftp them internally to the correct
> box.

what do you mean by receive files? ftp, rsync, kermit :)

> Of course I am curious as to what the ramifications of opening port 20

port 20 must be open on ftp servers for outgoing connections because that
is the source port that ftp servers use for data connections when engaging
in active ftp. ftp servers need all ports open for incoming connections as
well for passive ftp.

this is only relevant if you are running an ftp server behind a firewall
which you wouldn't want to do because ftp servers are insecurable (all ports
open) and therefore should live on victim/bastion hosts outside your
firewall. to have an ftp server inside your firewall means giving people who
infiltrate your ftp server access to your internal network. best avoided.

with stateful filtering (linux-2.4) the situation is different and ftp
servers can live safely inside a firewall but only if you really trust
that your ftp server has been securely written.

> David
> [EMAIL PROTECTED]

raf
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
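
An added illustration, not part of the original message: a small Python model of the difference raf describes between static rules and stateful filtering in front of an FTP server. The function and class names and the addresses are constructed for this example; it models decisions on new connections only and is not the Linux 2.4 netfilter code.

```python
import re

# PORT arguments and 227 replies both carry h1,h2,h3,h4,p1,p2 (RFC 959).
HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply, else None."""
    if not line.upper().startswith(("PORT ", "227 ")):
        return None
    m = HOSTPORT.search(line)
    nums = [int(x) for x in m.groups()] if m else []
    if not nums or max(nums) > 255:
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def stateless_allows(server, src, sport, dst, dport):
    """Static rules for new connections: no memory of the control channel."""
    if dst == server:
        return dport == 21 or dport >= 1024   # passive: every high port open
    return src == server and sport == 20      # active: data leaves from port 20

class StatefulFilter:
    """Admits only the data connection announced on a tracked control channel."""
    def __init__(self, server):
        self.server = server
        self.expected = set()   # one-shot (src_ip, dst_ip, dst_port) entries

    def control_line(self, client, line, from_server):
        ip, port = parse_hostport(line) or (None, 0)
        if from_server and line.startswith("227 ") and ip == self.server:
            self.expected.add((client, self.server, port))   # passive
        elif (not from_server and line.upper().startswith("PORT ")
              and ip == client and port >= 1024):   # own address only (model's choice)
            self.expected.add((self.server, client, port))   # active

    def allows(self, src, sport, dst, dport):
        if dst == self.server and dport == 21:
            return True                       # new control connection
        key = (src, dst, dport)
        if key not in self.expected or (src == self.server and sport != 20):
            return False
        self.expected.discard(key)            # expectation is used once
        return True

if __name__ == "__main__":
    fw = StatefulFilter("192.0.2.10")         # constructed documentation addresses
    fw.control_line("198.51.100.7", "227 Entering Passive Mode (192,0,2,10,195,80)", True)
    print(fw.allows("203.0.113.9", 40000, "192.0.2.10", 50000))   # unrelated host
    print(fw.allows("198.51.100.7", 40000, "192.0.2.10", 50000))  # announced client
```

With the static rules any host can reach any high port on the server, while the tracking filter admits one data connection per announcement on the control channel.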