Any danger from these ports?
Luciano Miguel Ferreira Rocha
strange at nsk.no-ip.org
Wed Jan 12 23:57:10 UTC 2005
On Thu, Jan 13, 2005 at 08:42:05AM +0900, Aaron.Sterr wrote:
> On Wed, 12 Jan 2005, Charles R. Anderson wrote:
>
> > Passive FTP listens on random local ephemeral ports for data
> > connections set up by the 21/tcp control stream. If you are not using
> > a stateful firewall with an FTP helper, then you need to allow incoming
> > TCP connections to whatever range your FTP server uses for passive FTP
> > (defaults to the entire local port range). This is why I have always
> > set up my FTP server similar to this (older box using ipchains):
> >
>
> Passive FTP does NOT use the local ephemeral ports, that is traditional
> FTP behavior. Passive FTP uses the existing TCP connection for both
> the control and data channels, and is easier to firewall.
No. Charles is correct.
If proof is needed, use tcpdump.
Regards,
Luciano Rocha
--
1/16
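
Added example, not part of the original message: what a capture of the 21/tcp control stream shows in passive mode. The server's 227 (PASV) or 229 (EPSV) reply announces a separate port for the data connection, and the sketch below checks each announced port against a firewall's allowed passive range. The sample replies, the 50000-50100 range and the function names are constructed for illustration.

```python
import re

# Constructed control-channel replies (21/tcp); addresses use a documentation range.
SAMPLE_CONTROL_LINES = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "229 Entering Extended Passive Mode (|||50021|)",
    "227 Entering Passive Mode (192,0,2,10,4,1)",
]

# 227 reply: h1,h2,h3,h4,p1,p2 where the data port is p1*256 + p2.
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# 229 reply: (<d><d><d>port<d>) where <d> is a delimiter, normally "|".
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def passive_endpoint(line, control_host=None):
    """Return (host, port) announced for the data connection, or None."""
    m = PASV_RE.match(line)
    if m:
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet
        return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]
    m = EPSV_RE.match(line)
    if m:
        port = int(m.group(2))
        if 0 < port <= 65535:
            return control_host, port  # EPSV reuses the control connection's host
    return None


def audit(lines, allowed_range, control_host="192.0.2.10"):
    """List (data_port, admitted_by_firewall) for every passive reply seen."""
    lo, hi = allowed_range
    results = []
    for line in lines:
        endpoint = passive_endpoint(line, control_host)
        if endpoint:
            results.append((endpoint[1], lo <= endpoint[1] <= hi))
    return results


if __name__ == "__main__":
    for port, ok in audit(SAMPLE_CONTROL_LINES, (50000, 50100)):
        print(f"data port {port}: {'allowed' if ok else 'BLOCKED by firewall range'}")
```
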