Comments on: Creating firewall rules to allow FTP connections http://itknowledgeexchange.techtarget.com/itanswers/creating-firewall-rules-to-allow-ftp-connections/ Sun, 19 May 2013 03:14:28 +0000 hourly 1 By: The Most-Watched IT Questions: June 7, 2011 - ITKE Community Blog http://itknowledgeexchange.techtarget.com/itanswers/creating-firewall-rules-to-allow-ftp-connections/#comment-92988 The Most-Watched IT Questions: June 7, 2011 - ITKE Community Blog Tue, 07 Jun 2011 06:42:14 +0000 #comment-92988 [...] 2. Jinteik and Petkoa gave some pointers for creating firewall rules to allow FTP connections. [...]

]]> By: petkoa http://itknowledgeexchange.techtarget.com/itanswers/creating-firewall-rules-to-allow-ftp-connections/#comment-92627 petkoa Wed, 25 May 2011 17:25:04 +0000 #comment-92627 Allowing FTP through a firewall is a tricky beast – Linux Kernel Netfilter Subsystem has a special helper for FTP tracking, since FTP protocol is quite specific: control connection is opened from ANY tcp port on the client to tcp port 21 on the server; after that for any transfer (even dir listing) a data connection is negotiated – from tcp port 20 to ANy port of the client; the passive transfer is alway initiated by the client, but a negotiating goes on all the same… So, the firewall helper reads the packet contents, where the connection ports are negotiated and dynamically opens them…

Why don’t consider using sftp – just open tcp port 22 to the client IPs and you get a secure transfers as a bonus…

]]> By: jinteik http://itknowledgeexchange.techtarget.com/itanswers/creating-firewall-rules-to-allow-ftp-connections/#comment-92583 jinteik Wed, 25 May 2011 01:56:38 +0000 #comment-92583 usually if lets say point A(external) comes into your network, you will know the IP and also the port that is used and that will come into ur network then into your servers.

]]>