Date: 12 Apr 2001 16:57:46 -0500
From: Kirk Strauser <kirk@strauser.com>
To: freebsd-ipfw@freebsd.org
Subject: Re: Beating a dead horse - ipfw and FTP
Message-ID: <87bsq1hjc5.fsf@pooh.honeypot>
In-Reply-To: <200104121916.VAA74511@info.iet.unipi.it>
References: <200104121916.VAA74511@info.iet.unipi.it>

At 2001-04-12T19:16:23Z, Luigi Rizzo <luigi@info.iet.unipi.it> writes:

> we have stateful ipfw and passive ftp -- the combination of the two should
> give you the protection that you want. Am i wrong ?

Unfortunately, yes. The annoying part is that there is no way to tell what
port the FTP server will want you to connect to ahead of time:

  1. Connect from client to server port 21
  2. Ask the server what port to connect to for data transmission
  3. Connect from client port 20 to the specified port on the server

The old style was even worse:

  1. Connect from client to server port 21
  2. Connect from server to client port 20

So, there's no way to know what port to open (for step 3 of the first
listing) in advance.

-- 
Kirk Strauser

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
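
Added example, not part of the original message or of ipfw: in step 2 of the first listing the port arrives in the server's reply to PASV (RFC 959 reply code 227), so a filter that wants to admit only that one data connection has to read it from the control channel. The sketch below parses such a reply and derives a single-connection rule; the function names, the rule dictionary, the port floor and the sample replies (documentation addresses) are assumptions constructed for illustration.

```python
import re

# RFC 959 PASV reply: "227 <free text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227[ -].*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv_reply(line):
    """Return (ip, port) announced in a 227 reply, or None if malformed."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):        # each field is a single octet
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]        # p1 is the high byte, p2 the low
    return ip, port

def pinhole_for(client_ip, server_ip, reply_line, min_port=1024):
    """Build the one data-connection rule implied by a PASV reply.

    Returns None (open nothing) unless the announced address is the
    control-connection peer and the port is unprivileged. Assumption: the
    server is not behind NAT, so it announces its own address.
    """
    parsed = parse_pasv_reply(reply_line)
    if parsed is None:
        return None
    ip, port = parsed
    if ip != server_ip:                   # reply points at a third host
        return None
    if port < min_port:                   # never open well-known services
        return None
    return {"proto": "tcp", "src": client_ip, "dst": server_ip, "dport": port}

if __name__ == "__main__":
    # Constructed control-channel lines for a session to 192.0.2.10.
    for reply in ("227 Entering Passive Mode (192,0,2,10,195,80)",
                  "227 Entering Passive Mode (198,51,100,7,195,80)",
                  "227 Entering Passive Mode (192,0,2,10,0,22)",
                  "200 PORT command successful"):
        print(reply, "->", pinhole_for("203.0.113.5", "192.0.2.10", reply))
```

Only the first sample reply yields a rule; the others are refused because they name a different host, a privileged port, or are not a 227 reply at all.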