Ghostwall Rules to allow passive for FTP server

Discussion in 'Other Ghost Security Software' started by Victor #N, Dec 9, 2005.

Thread Status:
Not open for further replies.
  1. Victor #N

    Victor #N Guest

    Hello,
    I have a Windows XP x64 machine as an FTP server.
    The original firewall does not work for me. So, I've installed Ghostwall.
    Good news, it works! Bad news - I do not know how to set up the rules
    to allow passive mode for the FTP server. I have some clients who can use
    my FTP server in passive mode only.

    Currently, I've enabled rule for incoming TCP traffic like:
    TCP "Any Remote IP" "Any Remote Port" "Local IP" "Port 21"

    For the passive mode it is not enough.

    Please help me out!
     
  2. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287
    Hi Victor #N,

    For active you need

    [outbound] any local port - to - remote port 21
    [inbound] remote port 20 - to - any local port

    For passive

    [outbound] any local port - to - remote port range 1024-65535
    [inbound] remote port range 1024-65535 - to - any local port

    I have those set in my firewall, but I disable the inbound ones until I need them. :ninja:
     
  3. galileo

    galileo Registered Member

    Joined:
    Dec 10, 2005
    Posts:
    65
    @tonyjl:

    Maybe I do not understand what you are doing with your Passive FTP settings - but, if you open remote TCP ports 1024-65535 from any remote IP to any local port you are pretty much WIDE OPEN to attack......unless I'm just missing something, which I frequently do.....
     
  4. tonyjl

    tonyjl Registered Member

    Joined:
    May 25, 2004
    Posts:
    287



    Must have missed that bit :rolleyes:
     
  5. Victor #N

    Victor #N Guest

    Thanks guys!

    I solved this one :)
    I specified the port range for the FTP server: 3000-3999.
    And allowed incoming traffic to these TCP ports from any remote system.
    Both modes passive and active are up and running.
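
Added example, not part of the original posts and not Ghostwall's rule syntax: a Python check that the data port a server advertises in its 227 passive reply (RFC 959, port = p1*256 + p2) falls inside the inbound range the firewall allows, plus a count of how many local ports each rule set exposes. The rule tuples, function names and sample replies are constructed for illustration; the 3000-3999 range is the one from the post above.

```python
import re

# Assumed rule model: (direction, protocol, local_port_low, local_port_high).
SERVER_RULES = [
    ("in", "tcp", 21, 21),      # FTP control channel
    ("in", "tcp", 3000, 3999),  # passive data range set in the FTP server
]
# Constructed contrast: inbound allowed to any local port.
WIDE_RULES = [("in", "tcp", 1, 65535)]

PASV_RE = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (ip, port) advertised in a 227 passive-mode reply."""
    m = PASV_RE.match(reply)
    if not m:
        raise ValueError("not a 227 passive reply: %r" % reply)
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % reply)
    h1, h2, h3, h4, p1, p2 = nums
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2

def inbound_allowed(rules, local_port):
    """True if some inbound TCP rule covers the local port."""
    return any(d == "in" and proto == "tcp" and lo <= local_port <= hi
               for d, proto, lo, hi in rules)

def check_reply(rules, reply):
    """Return (advertised_port, reachable_through_firewall)."""
    _, port = parse_pasv(reply)
    return port, inbound_allowed(rules, port)

def exposed_ports(rules):
    """Number of distinct local TCP ports reachable from outside."""
    ports = set()
    for d, proto, lo, hi in rules:
        if d == "in" and proto == "tcp":
            ports.update(range(lo, hi + 1))
    return len(ports)

# Constructed sample replies (192.0.2.10 is a documentation address).
IN_RANGE = "227 Entering Passive Mode (192,0,2,10,13,172)"    # 13*256+172
OUT_OF_RANGE = "227 Entering Passive Mode (192,0,2,10,195,80)"  # 195*256+80

if __name__ == "__main__":
    for reply in (IN_RANGE, OUT_OF_RANGE):
        print(reply, "->", check_reply(SERVER_RULES, reply))
    print("restricted:", exposed_ports(SERVER_RULES), "wide:", exposed_ports(WIDE_RULES))
```

A reply that advertises a port outside the allowed range means the server's passive range and the firewall rule disagree, and the client's data connection will be dropped.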
     
  6. justT3sting

    justT3sting Guest

    For some distinct reason I am under the impression that passive ftp requires:

    inbound, src:0.0.0.0/21, des:0.0.0.0/21, allow
    outbound, src:0.0.0.0/1024-65535, des:0.0.0.0/1024-65535, allow

    ??
     