-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wednesday 31 March 2004 11:43 pm, bascule wrote:
> well i'm no expert but it looks like you are using 'active ftp', you
> connect to the server on port 21 and the server connects back to you from
> port 20 to a random high port for the data transfer, of course you don't
> know in advance what that port might be
> i got round this by telling my ftp server to accept passive connections,
> and then specified to the server what range of high ports it should offer
> to the client, then when a client connects on port 21 it is given a port to
> make another connection on for the data transfer, of course then all one
> has to do is open that range of ports on the firewall for incoming
> connections
>
> now it may be possible to configure an 'active' setup to only connect back
> on certain ports, i wouldn't know, but the above solution was the one
> proffered to me a few years ago
>
> bascule
Bascule,
I haven't tried looking at proftpd's config, but from googling I found these rules that open the high ports.

#ACTION  SOURCE  DEST  PROTO  DEST  SOURCE   ORIGINAL
#                             PORT  PORT(S)  DEST
ACCEPT   net     fw    udp    53    -
ACCEPT   net     fw    tcp    80,443,53,22,20,21,25,109,110,143,783,993,10000,1024:65535  -
#LAST LINE -- ADD YOUR ENTRIES BEFORE THIS ONE -- DO NOT REMOVE

I can now FTP into the server. But is it safe? I mean, accepting all those connections in the high port range? When I nmap the server, there are a lot of ports shown with status 'closed' instead of just a few ports as in the previous shorewall setting.

- --
Fajar Priyanto | Reg'd Linux User #327841 | http://linux.arinet.org
08:25:27 up 30 min, Mandrake Linux release 9.2 (FiveStar) for i586
public key: https://www.arinet.org/fajar-pub.key
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)

iD8DBQFAa3Atkp5CsIXuxqURArKnAKDIbKFazZOi6TRWhJPijMMTZONp0ACfTrhk
oN+kNSibpJ6hkGKyC0Xu1rA=
=Hxgo
-----END PGP SIGNATURE-----
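An added example, not part of the original thread: a small Python audit that reads Shorewall rules in the format quoted above and compares the posted 1024:65535 rule with the narrower passive-range setup bascule describes. The 49152:49251 range, the 200-port policy limit and all function names are assumptions made for the illustration; the range has to match what the FTP server is told to offer (in ProFTPD, the PassivePorts directive).

```python
MAX_RANGE = 200  # assumed policy: widest contiguous range accepted from 'net'

# Constructed copy of the two rules quoted in the message.
WIDE_RULES = """\
#ACTION SOURCE DEST PROTO DEST-PORT SOURCE-PORT
ACCEPT  net    fw   udp   53        -
ACCEPT  net    fw   tcp   80,443,53,22,20,21,25,109,110,143,783,993,10000,1024:65535 -
"""
# Same services, with only an assumed 100-port passive range left open. It has
# to match what the FTP server offers (ProFTPD: "PassivePorts 49152 49251").
NARROW_RULES = WIDE_RULES.replace("1024:65535", "49152:49251")


def parse_ports(spec):
    """Turn '21,1024:65535' into [(21, 21), (1024, 65535)]; numeric ports only."""
    ranges = []
    for item in spec.split(","):
        low, sep, high = item.partition(":")
        if sep:  # a range; Shorewall lets either end be omitted
            ranges.append((int(low or 0), int(high or 65535)))
        else:
            ranges.append((int(item), int(item)))
    return ranges


def accepted_from_net(rules_text):
    """Yield (proto, low, high) for every ACCEPT rule whose source is 'net'."""
    for line in rules_text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments and header lines
        if len(fields) >= 5 and fields[:2] == ["ACCEPT", "net"] and fields[4] != "-":
            for low, high in parse_ports(fields[4]):
                yield fields[3], low, high


def wide_ranges(rules_text, max_range=MAX_RANGE):
    """Ranges wider than the policy limit, as (proto, low, high, port_count)."""
    return [(p, lo, hi, hi - lo + 1) for p, lo, hi in accepted_from_net(rules_text)
            if hi - lo + 1 > max_range]


def exposed_count(rules_text, proto="tcp"):
    """Number of distinct ports of one protocol reachable from 'net'."""
    ports = set()
    for p, lo, hi in accepted_from_net(rules_text):
        if p == proto:
            ports.update(range(lo, hi + 1))
    return len(ports)


if __name__ == "__main__":
    for name, rules in (("wide", WIDE_RULES), ("narrow", NARROW_RULES)):
        print(name, exposed_count(rules), wide_ranges(rules))
```
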