Sun, 2002-04-14 at 16:27, Antony Stone wrote:

> Does this explain it better ?

> The reason is simple - only *destination* ports are "well-known".
> Source ports can be anything - they have absolutely no meaning.

I suppose that this bit does, if I put on my squinting glasses.

> > A more logical (paranoid) approach from my side, would be to open up tcp
> > from ports 2 & 3 for just this server.

> Are you saying that you have rules blocking the *source* port for other
> services ? I don't understand how you can have, since the source port is
> quite unpredictable for most connections.

Not really, no. It's what I allow in that I'm blocking. Destination ports, on my machine. However, as far as I can see, I can perfectly well open all connections from ports 2 & 3 on sunsite.dk. Irrespective of what destination ports they're going to on my machine. Or, I could better get a job looking after cows on Mart van Eyck's farm. Perhaps that's what I should do. Mart's a good friend of mine.

> > So, are there many FTP servers who demand that ports 2 & 3 are open for
> > FTP LS?

> I have no idea - I simply allow the reverse connections for FTP access to
> come in using my ESTABLISHED, RELATED rule in the FORWARDing chain, and never
> bother about what the actual port numbers are.

Ermmm ... that's what I do.

> Does this explain it better ?

Perhaps I should improve my English. It's never too late, they say.

Best,

Tonni Sogning

--
Tony Earnshaw

e-mail: [EMAIL PROTECTED]
www: http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor

Telephone: (+31) (0)172 530428
Mobile: (+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
