Date:      Tue, 13 Dec 2005 10:11:33 -0500
From:      "fbsd_user" <fbsd_user@a1poweruser.com>
To:        "Pietro Cerutti" <pietro.cerutti@gmail.com>, "Imran Imtiaz" <imran@thelakecity.com.pk>, "FreeBSD" <freebsd-questions@freebsd.org>
Subject:   RE: ftp problem
Message-ID:  <MIEPLLIBMLEEABPDBIEGKEBHHKAA.fbsd_user@a1poweruser.com>
In-Reply-To: <e572718c0512130609i2dea44c2g11593aaee4429e43@mail.gmail.com>

Opening the high order ports is a security risk. This is a
long-standing problem with the FTP protocol.  If you are going to
have an FTP server on your FBSD box being accessible from the public
internet, you should be using the built-in FTP proxy in ipfilter
firewall. The ftp proxy option only opens the single ftp data high
order port number being used.  This is much more sure than exposing
all the high order ports.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org
[mailto:owner-freebsd-questions@freebsd.org]On Behalf Of Pietro
Cerutti
Sent: Tuesday, December 13, 2005 9:09 AM
To: Imran Imtiaz; FreeBSD
Subject: Re: ftp problem


On 12/13/05, Imran Imtiaz <imran@thelakecity.com.pk> wrote:
> they are coming on xl0 interface

Then you should enable in/outbound traffic on your xl0 interface, for
the ports from 49152 through 65535, used for the data-channel
connection.

--
Pietro Cerutti
<pietro.cerutti@gmail.com>

Beansidhe - SwiSS Death / Thrash Metal
<www.beansidhe.ch>

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming or what?"
_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to
"freebsd-questions-unsubscribe@freebsd.org"
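
Added example, not part of the original messages and not ipfilter's own code: a sketch of the control-channel bookkeeping an FTP-aware filter performs, so that only the negotiated data port is admitted instead of the whole 49152-65535 range. The session lines, the addresses (documentation ranges) and the function names are constructed for illustration.

```python
import re

# Data-port range quoted in the thread (49152 through 65535).
PASV_RANGE = range(49152, 65536)

_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")

def data_endpoint(line):
    """Return (mode, host, port) if a control-channel line negotiates a data
    connection, else None. host is None for EPSV (same host as the control link)."""
    line = line.strip()
    head = line[:4].upper()
    if head.startswith("227") or head == "PORT":
        m = _HOSTPORT.search(line[4:])
        if not m:
            return None
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None
        # h1,h2,h3,h4,p1,p2 -> host h1.h2.h3.h4, port p1*256 + p2
        host = ".".join(str(n) for n in nums[:4])
        return ("passive" if head.startswith("227") else "active", host, nums[4] * 256 + nums[5])
    if head.startswith("229"):
        m = _EPSV.search(line)
        if m and 0 < int(m.group(1)) <= 65535:
            return ("passive", None, int(m.group(1)))
    return None

def pinholes(control_lines, server_ip):
    """Inbound data ports to admit for one session with the server at server_ip.
    A 227 reply naming any other host is ignored rather than trusted."""
    ports = []
    for line in control_lines:
        ep = data_endpoint(line)
        if ep and ep[0] == "passive" and ep[1] in (None, server_ip) and ep[2] in PASV_RANGE:
            ports.append(ep[2])
    return ports

# Constructed control-channel transcript (server replies and client commands).
SESSION = [
    "220 FTP server ready",
    "USER demo",
    "227 Entering Passive Mode (192,0,2,10,200,21)",
    "226 Transfer complete",
    "229 Entering Extended Passive Mode (|||60001|)",
    "227 Entering Passive Mode (198,51,100,7,4,1)",  # foreign host, low port
]

if __name__ == "__main__":
    opened = pinholes(SESSION, "192.0.2.10")
    print("ports admitted:", opened, "of", len(PASV_RANGE), "in the static range")
```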



