Daniel Crichton wrote: > > But disabling [ftp pixups] also stops me from allowing active > FTP should I need to set up my own FTP server - not > necessarily a bad thing though.
Well, the flip side of the coin is that, for servers, active mode the better one, security-wise, and passive mode is the problematic one (and also the one that requires application layer magic). But then again, you can usually lock down your servers a whole hell of a lot more, including hardcoding the range of dynamic ports to use in passive mode, and just allow inbound traffic through the firewall to those ports, untranslated. (Assuming you bind a public IP to your FTP server, or have an FTP server that can be configured to lie about its IP address.) -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 �RNSK�LDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com "Senex semper diu dormit" _______________________________________________ Firewalls mailing list [EMAIL PROTECTED] http://lists.gnac.net/mailman/listinfo/firewalls
