Vick Khera wrote:
I'm trying to figure out how to make my ftp service pass the PCI
security compliance (we take credit cards, so need the compliance).  I
have pfSense 1.2.2 running the ftp proxy to my internal box, which is
a FreeBSD 7.2 server running the stock ftpd.

A probe from the outside looks like this:

telnet 66.250.193.115 21
USER anonymous
PASS word
PORT 66,250,193,115,21,178

and it responds

200 PORT command successful.

In fact, it responds successful to connect to any IP and any port.

If I telnet to port 21 from inside the lan to the same freebsd server
and issue a PORT command to any host other than the one from where I
am connecting I get:

500 Illegal PORT range rejected.

The FreeBSD ftpd's PORT command by default is limited to privileged
ports on the same host as is connected to it.


I do not believe pftpx has a setting for this. I would disable the ftp-helper on WAN and use NAT port-forwarding to your FreeBSD ftp-server (I use pfSense in this way).
Evgeny.
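To make the difference between the two answers concrete, here is an added example (not code from the thread, pfSense or FreeBSD) that models the PORT check the quoted message attributes to the stock ftpd: the data connection must go back to the control-connection peer on an unprivileged port. The scanner address 203.0.113.5 is a constructed documentation value; the probe itself is the one quoted above.

```python
import re

# Reply strings: the first two are the ones quoted in the thread, the third is
# the RFC 959 text for a malformed argument.
PORT_OK = "200 PORT command successful."
PORT_REJECT = "500 Illegal PORT range rejected."
PORT_SYNTAX = "501 Syntax error in parameters or arguments."

PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)


def parse_port(cmd):
    """Decode 'PORT h1,h2,h3,h4,p1,p2' into (ip, port); None if malformed."""
    m = PORT_RE.match(cmd.strip())
    if m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def check_port(cmd, peer_ip):
    """Apply the rule the thread describes for the stock ftpd: the data
    connection may only go back to the control-connection peer, and only to
    an unprivileged port (>= 1024). Returns the reply the server would send."""
    parsed = parse_port(cmd)
    if parsed is None:
        return PORT_SYNTAX
    ip, port = parsed
    if ip != peer_ip or port < 1024:
        return PORT_REJECT
    return PORT_OK


def audit_session(transcript, peer_ip):
    """Walk a control-channel transcript (one command per line) and return
    every PORT command the rule above would have rejected. Handy for checking
    what an FTP proxy in front of the server actually answered 200 to."""
    return [line.strip() for line in transcript.splitlines()
            if line.strip().upper().startswith("PORT")
            and check_port(line, peer_ip) != PORT_OK]


if __name__ == "__main__":
    # Constructed: the probe quoted in the thread, as sent by a scanner at
    # 203.0.113.5 against the server at 66.250.193.115. The stock ftpd rule
    # rejects it because the PORT address is not the scanner's own.
    probe = "USER anonymous\nPASS word\nPORT 66,250,193,115,21,178\n"
    print(audit_session(probe, "203.0.113.5"))
```

Running the probe through this check yields the 500 reply the inside test produced, so the 200 seen from outside is the proxy answering on the server's behalf rather than the ftpd.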

---------------------------------------------------------------------
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com