On Sunday 14 April 2002 3:07 pm, Tony Earnshaw wrote:

> > > My question is: What are ports 2 & 3 on the FTP server for? Why would
> > > PureFTPD want to use ports 2 & 3? They're not listed in /etc/services
> >
> > /etc/services lists destination ports, not source ports.
> >
> > A machine can use whatever source port it likes for contacting a server -
> > it's the destination port number which determines what the service is.
>
> The point was supposed to be, that ports 2 & 3 are not "well known"
> ports, and what are they being used for here?

The reason is simple - only *destination* ports are "well-known".

Source ports can be anything - they have absolutely no meaning.

> A more logical (paranoid) approach from my side, would be to open up tcp
> from ports 2 & 3 for just this server.

Are you saying that you have rules blocking the *source* port for other
services? I don't understand how you can have, since the source port is
quite unpredictable for most connections.

> So, are there many FTP servers who demand that ports 2 & 3 are open for
> FTP LS?

I have no idea - I simply allow the reverse connections for FTP access to
come in using my ESTABLISHED, RELATED rule in the FORWARDing chain, and never
bother about what the actual port numbers are.


Does this explain it better?


Antony.
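
An added example, not part of the original message: a simplified Python model of how a stateful firewall's FTP helper can mark the server's reverse data connection as RELATED without looking at its source port. The class and function names are hypothetical and the addresses are constructed documentation addresses.

```python
import re
from dataclasses import dataclass

# Active-mode FTP announces the client's data socket as h1,h2,h3,h4,p1,p2.
PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

@dataclass(frozen=True)
class Expectation:
    server_ip: str    # the data connection must come from the FTP server
    client_ip: str    # ...to the address the client announced
    client_port: int  # ...on the port the client announced
    # Deliberately no source-port field: the server may use any source port.

class FtpTracker:
    """Toy model of a stateful firewall with an FTP helper (hypothetical)."""

    def __init__(self):
        self.expected = set()  # pending one-shot expectations

    def control_line(self, client_ip, server_ip, line):
        """Inspect one client-to-server control-channel line."""
        m = PORT_RE.fullmatch(line.strip())
        if not m:
            return None
        nums = [int(x) for x in m.groups()]
        if any(n > 255 for n in nums):
            return None
        # Ignore a PORT that points at a host other than the client itself.
        if ".".join(map(str, nums[:4])) != client_ip:
            return None
        exp = Expectation(server_ip, client_ip, nums[4] * 256 + nums[5])
        self.expected.add(exp)
        return exp

    def classify_syn(self, src_ip, src_port, dst_ip, dst_port):
        """State assigned to a new inbound TCP connection attempt."""
        exp = Expectation(src_ip, dst_ip, dst_port)  # src_port is not consulted
        if exp in self.expected:
            self.expected.discard(exp)
            return "RELATED"
        return "NEW"

if __name__ == "__main__":
    fw = FtpTracker()
    # Constructed sample: documentation addresses, client announces port 50000.
    fw.control_line("192.0.2.10", "198.51.100.5", "PORT 192,0,2,10,195,80\r\n")
    print(fw.classify_syn("198.51.100.5", 2, "192.0.2.10", 50000))  # expectation hit
    print(fw.classify_syn("198.51.100.5", 2, "192.0.2.10", 50000))  # already consumed
```
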
