Date: Fri, 6 Sep 2002 09:02:07 -0700 (PDT)
From: Dave Young
To: Drew Tomlinson
Cc: FreeBSD Questions
Subject: Re: How To Set Passive FTP Port Range?

ack... > 1024

On Fri, 6 Sep 2002, Dave Young wrote:

> ahh, I see, the part I'm missing is passive opens up a < 1024 for the
> client:
>
> The result of this is that the server then opens a random unprivileged
> port (P > 1024) and sends the PORT P command back to the client. The
> client then initiates the connection from port N+1 to port P on the
> server to transfer data.
>
> So, and in my case, using a firewall w/ connection tracking would allow
> you to keep the high ports closed, as the firewall would open it up just
> for that client just for that session. Anyone? is that correct?
>
> On Fri, 6 Sep 2002, Dave Young wrote:
>
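
Added example, not part of the original message: a toy model of the connection-tracking behaviour asked about above, in which a filter reads the server's RFC 959 reply to PASV ("227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)") on the control channel and opens a one-shot pinhole for that client and port only. The class and function names are hypothetical and the addresses are constructed samples.

```python
import re

# RFC 959 reply to PASV: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


class FtpTracker:
    """Toy stateful filter: high ports stay closed unless a 227 reply announced them."""

    def __init__(self):
        self.expected = set()  # one-shot pinholes: (client_ip, server_ip, port)

    def on_server_reply(self, client_ip, server_ip, line):
        """Inspect one control-channel line sent by the server to the client."""
        m = PASV_RE.match(line)
        if not m:
            return None
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None
        addr = ".".join(str(n) for n in nums[:4])
        port = nums[4] * 256 + nums[5]
        # Only open a pinhole to the server that owns the control connection,
        # and only for an unprivileged port (P > 1024).
        if addr != server_ip or port <= 1024:
            return None
        self.expected.add((client_ip, server_ip, port))
        return port

    def allow_data_syn(self, client_ip, server_ip, dport):
        """Permit a new inbound data connection only if it matches a pinhole."""
        key = (client_ip, server_ip, dport)
        if key in self.expected:
            self.expected.remove(key)  # pinhole is consumed by the first match
            return True
        return False


def demo():
    # Constructed sample: addresses from the documentation ranges (RFC 5737).
    fw = FtpTracker()
    client, server = "198.51.100.7", "192.0.2.10"
    port = fw.on_server_reply(client, server, "227 Entering Passive Mode (192,0,2,10,195,80)")
    return [
        port,
        fw.allow_data_syn("198.51.100.99", server, port),  # other client: blocked
        fw.allow_data_syn(client, server, port),            # announced session: allowed
        fw.allow_data_syn(client, server, port),            # same port again: blocked
    ]
```

The address check in on_server_reply matters: a 227 reply naming a host other than the control-connection server should not cause the filter to open anything.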