Ghostwall Rules to allow passive for FTP server

Discussion in 'Other Ghost Security Software' started by Victor #N, Dec 9, 2005.

Thread Status:
Not open for further replies.
  1. Victor #N

    Victor #N Guest

    Hello,
    I have a Windows XP x64 machine as a FTP server.
    The original firewall do not work for me. So, I've install Ghostwall.
    Good news it works! Bad news - I do not know how to setup the rules
    to allow passive mode for FTP server. I have some client who can use
    my FTP server in passive mode only..

    Currently, I've enabled rule for incoming TCP traffic like:
    TCP "Any Remote IP" "Any Remote Port" "Local IP" "Port 21"

    For the passive mode it is not enough.

    Please help me out!
     
  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi Victor #N,

    For active you need

    [outbound] any local port - to - remote port 21
    [inbound] remote port 20 - to - any local port

    For passive

    [outbound] any local port - to - remote port range 1024-65535
    [inbound] remote port range 1024-65535 - to - any local port

    i have those set my firewall,but i disable the inbound ones untill i need them. :ninja:
     
  3. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    66
    @tonyjl:

    Maybe I do not understand what you are doing with your Passive FTP settings - but, if you open remote TCP ports 1024-65535 from any remote IP to any local port you are pretty much WIDE OPEN to attack......unless I'm just missing something, which I frequently do.....
     
  4. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287



    Must of missed that bit :rolleyes:
     
  5. Victor #N

    Victor #N Guest

    Thanks guys!

    I solved this one:)
    I specified the port range for the FTP server: 3000-3999.
    And allowed incoming traffic to these TCP port from any remote systems.
    Both modes passive and active are up and running.
     
  6. justT3sting

    justT3sting Guest

    For some distinct reason I am under the impression that passive ftp requires:

    inbound, src:0.0.0.0/21, des:0.0.0.0/21, allow
    outbound, src:0.0.0.0/1024-65535, des:0.0.0.0/1024-65535, allow

    ??
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.