Best way to enable passive FTP server?

Discussion in 'LnS English Forum' started by galneon, Jul 9, 2006.

Thread Status:
Not open for further replies.
  1. galneon

    galneon Registered Member

    Joined:
    Jul 9, 2006
    Posts:
    2
    I don't even know where to begin with writing a rule to allow me to run a passive FTP server. Has anyone written a secure one? Is that even possible? Passive requires you to open just about every port in existence. I saw a thread about the same thing here from 2003, but it went unanswered :/
     
  2. Frederic

    Frederic LnS Developer

    Joined:
    Jan 9, 2003
    Posts:
    4,354
    Location:
    France
    Hi,

    Normally in PASV mode the client will connect to ports 20 & 21, so opening these ports and allowing incoming connections on them should work.

    Usually, the problems are more in active mode.

    Regards,

    Frederic
     
  3. StriderSkorpion

    StriderSkorpion Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    54
    From what I've read about passive mode and my experiences, it actually requires more ports to be open. In active mode (with an FTP client at least), the user needs to allow the server to connect back onto port 20 and the client needs to be able to access the server's port 21. With passive mode, the client needs to be able to access port 21 and the ports the server has designated for passive connections, which can be just about any port >1023. The common ports rule in the enhanced ruleset should work with passive mode. This should be safe as long as the ports aren't open for uninitiated (on your end) connections.
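
    The passive data port mentioned in the post above is announced by the server in its 227 (PASV) or 229 (EPSV) reply on the control connection. The following is an added example, not part of the original post or of Look 'n' Stop: it decodes those replies and checks each announced port against an inbound firewall range. The range `ALLOWED_PASV_RANGE`, the function names and the sample replies are assumptions made for illustration.

```python
import re

# Assumption: the passive port range the FTP server is configured to use and
# the firewall allows inbound TCP on. Values are illustrative only.
ALLOWED_PASV_RANGE = (50000, 50100)

PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def parse_passive_reply(line):
    """Return (host, port) from a 227/229 reply, else None. EPSV has no host."""
    m = PASV_RE.match(line)
    if m:
        nums = [int(g) for g in m.groups()]
        if any(n > 255 for n in nums):
            return None  # malformed octet
        host = ".".join(str(n) for n in nums[:4])
        return host, nums[4] * 256 + nums[5]  # port = p1*256 + p2
    m = EPSV_RE.match(line)
    if m:
        port = int(m.group(2))
        return (None, port) if 0 < port <= 65535 else None
    return None


def audit(replies, allowed=ALLOWED_PASV_RANGE):
    """Return (reply, port, verdict) for every passive reply in `replies`."""
    out = []
    for line in replies:
        parsed = parse_passive_reply(line)
        if parsed is None:
            continue  # not a passive-mode reply
        _, port = parsed
        verdict = "allowed" if allowed[0] <= port <= allowed[1] else "blocked"
        out.append((line, port, verdict))
    return out


# Constructed sample server replies (not captured from a real server).
SAMPLE = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",  # 195*256+80 = 50000
    "227 Entering Passive Mode (192,0,2,10,4,1)",     # 4*256+1 = 1025
    "229 Entering Extended Passive Mode (|||50050|)",
]

if __name__ == "__main__":
    for line, port, verdict in audit(SAMPLE):
        print(f"{port:>5}  {verdict:8}  {line}")
```

    A "blocked" verdict means the server announced a data port outside the range the inbound rule covers, so the client's data connection would fail unless the server's passive range and the firewall rule are aligned.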
     
  4. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    As has been mentioned, no additional rules are required for PASSIVE FTP unless the user made changes to the rule ‘TCP : Authorize most common Internet services’ in EnhancedRulesSet.
     