Ghostwall Rules to allow passive for FTP server

Discussion in 'Other Ghost Security Software' started by Victor #N, Dec 9, 2005.

Thread Status:
Not open for further replies.
  1. Victor #N

    Victor #N Guest

    Hello,
    I have a Windows XP x64 machine as an FTP server.
    The original firewall does not work for me. So, I've installed Ghostwall.
    Good news: it works! Bad news: I do not know how to set up the rules
    to allow passive mode for the FTP server. I have some clients who can use
    my FTP server in passive mode only.

    Currently, I've enabled rule for incoming TCP traffic like:
    TCP "Any Remote IP" "Any Remote Port" "Local IP" "Port 21"

    For the passive mode it is not enough.

    Please help me out!
     
  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi Victor #N,

    For active you need

    [outbound] any local port - to - remote port 21
    [inbound] remote port 20 - to - any local port

    For passive

    [outbound] any local port - to - remote port range 1024-65535
    [inbound] remote port range 1024-65535 - to - any local port

    I have those set in my firewall, but I disable the inbound ones until I need them. :ninja:
     
  3. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    72
    @tonyjl:

    Maybe I do not understand what you are doing with your Passive FTP settings - but, if you open remote TCP ports 1024-65535 from any remote IP to any local port you are pretty much WIDE OPEN to attack......unless I'm just missing something, which I frequently do.....
     
  4. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287



    Must have missed that bit :rolleyes:
     
  5. Victor #N

    Victor #N Guest

    Thanks guys!

    I solved this one :)
    I specified the port range for the FTP server: 3000-3999.
    And allowed incoming traffic to these TCP ports from any remote system.
    Both modes passive and active are up and running.
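
Added example, not part of the original thread: a Python check that parses the server's 227 passive reply, computes the data port it advertises (p1*256 + p2), and tests that port against the inbound rules described in post 5 (port 21 plus 3000-3999). The 227 replies, the 192.0.2.10 address, the function names and the comparison rule opening all local ports 1024-65535 are assumptions constructed for illustration.

```python
import re

# Inbound TCP allow rules as (first_local_port, last_local_port).
SCOPED_RULES = [(21, 21), (3000, 3999)]   # control port + passive range from post 5
BROAD_RULES = [(21, 21), (1024, 65535)]   # hypothetical: every unprivileged port open

# Six comma-separated numbers: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed sample replies (not captured from a real server).
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,0,2,10,11,184)",  # 11*256+184 = 3000
    "227 Entering Passive Mode (192,0,2,10,15,159)",  # 15*256+159 = 3999
    "227 Entering Passive Mode (192,0,2,10,195,80)",  # 195*256+80 = 50000
]

def parse_pasv(reply):
    """Return (ip, data_port) advertised in a 227 reply."""
    reply = reply.strip()
    m = PASV_RE.search(reply) if reply.startswith("227") else None
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def inbound_allowed(port, rules):
    """True if an inbound connection to this local port matches an allow rule."""
    return any(lo <= port <= hi for lo, hi in rules)

def exposed_ports(rules):
    """Number of local TCP ports reachable from outside (ranges must not overlap)."""
    return sum(hi - lo + 1 for lo, hi in rules)

def check_reply(reply, rules):
    """Return (data_port, allowed) for one 227 reply under a rule set."""
    _, port = parse_pasv(reply)
    return port, inbound_allowed(port, rules)

if __name__ == "__main__":
    for name, rules in (("scoped", SCOPED_RULES), ("broad", BROAD_RULES)):
        print(name, "rules expose", exposed_ports(rules), "local ports")
        for reply in SAMPLE_REPLIES:
            port, ok = check_reply(reply, rules)
            print("  data port %5d -> %s" % (port, "allowed" if ok else "BLOCKED"))
```

A data port reported as blocked under the scoped rules means the FTP server is not actually confined to its configured passive range, which is the thing to fix rather than widening the firewall rule.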
     
  6. justT3sting

    justT3sting Guest

    For some distinct reason I am under the impression that passive ftp requires:

    inbound, src:0.0.0.0/21, des:0.0.0.0/21, allow
    outbound, src:0.0.0.0/1024-65535, des:0.0.0.0/1024-65535, allow

    ??
     