From owner-freebsd-security@FreeBSD.ORG Sat Aug 2 00:12:12 2003
Message-ID: <1059808321.3f2b6441bbaa5@www-mail.lan>
Date: Sat, 2 Aug 2003 09:12:01 +0200
From: Jan Lentfer
To: Ronan Lucio
cc: security@freebsd.org
Subject: Re: FTP
In-Reply-To: <00a001c35875$5432f730$3aa8a8c0@melim.com.br>

Quoting Ronan Lucio:

> I usually permit TCP traffic on ports from 1025 to 65535 of the servers
> that I need to permit FTP access.
>
> Is there a more secure way to permit FTP access instead of
> permitting such ports?

What ftp server are you using? If I remember right ProFTPd allows you to
define what passive ports to use, e.g. 50000-50100 or something like that.
Then you only open up those ports you defined in proftpd.conf in the firewall.

Or did you mean outgoing ftp traffic?

hth,

Jan
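
An added example, not part of the original message: the passive-port restriction described in the reply, shown with ProFTPD's `PassivePorts` directive and a matching firewall ruleset. It assumes ipfw is the firewall on the FTP server (the thread does not say which one is in use); the 50000-50100 range is the one mentioned in the reply, and the rule numbers are constructed.

```conf
# --- proftpd.conf -------------------------------------------------
# Restrict the ports the server hands out in PASV replies.
# Without this directive the server may pick any unprivileged port,
# which is why the whole 1025-65535 range had to be opened.
PassivePorts 50000 50100

# --- ipfw ruleset: before (wide open) -----------------------------
# add 1000 allow tcp from any to me 21 setup
# add 1010 allow tcp from any to me 1025-65535 setup

# --- ipfw ruleset: after (control port + passive range only) ------
# FTP control connection
add 1000 allow tcp from any to me 21 setup
# Passive data connections; must match PassivePorts above exactly
add 1010 allow tcp from any to me 50000-50100 setup
# Packets belonging to connections already set up by the rules above
add 1020 allow tcp from any to any established
```

Size the range to the number of simultaneous data transfers expected, since each passive transfer occupies one port from it.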