[BlueOnyx:05822] Re: FTP Problems

Patrick Koehne patrick at koehne-net.de
Sun Nov 14 02:24:39 -05 2010


Hi,

This is quite ok and exactly the problem with FTP since
connection-orientated firewalls:
FTP is a bidirectional protocol. Most other protocols start a connection
and everything is transmitted within the session initiated from the client.
Therefore the FW can track that connection very easily and one just needs the
outbound rule in a FW configuration. But FTP also builds up a second
connection back from the server to the client. This is therefore not within
the first connection from the client to the server. So, some firewalls can
handle that because they inspect the outgoing packets: within the packets
the expected ports are declared so it is possible to build an incoming rule
automatically for the time of the connection. Some firewalls can't do that and
therefore you need the incoming rule, too.

Visualized it looks like that:

http://de.wikipedia.org/w/index.php?title=Datei:AktivesFTP.png&filetimestamp=20070118150326

http://slacksite.com/other/ftp.html

Regards,
Patrick


> -----Original Message-----
> From: blueonyx-bounces at blueonyx.it
> [mailto:blueonyx-bounces at blueonyx.it] On Behalf Of Andy
> Sent: Saturday, 13 November 2010 22:46
> To: 'BlueOnyx General Mailing List'
> Subject: [BlueOnyx:05819] Re: FTP Problems
> 
> Problem is fixed. Yes I thought that FTP was port 21 but for 
> some reason it needed an explicit rule on my firewall for 
> inbound and outbound port 20 as well.
> 
> It took some hunting for information on my firewall 
> (m0n0wall) to fix it.
> 
> Andy
> 
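
Added example, not part of the original thread: a sketch of the inspection step described above, in which a tracking firewall reads the client's `PORT` command on the control channel and derives the temporary inbound rule for the server's connection back from port 20. The function names, the rule dictionary, the policy checks and the sample addresses are assumptions made for illustration, not the behaviour of m0n0wall or any particular firewall.

```python
import ipaddress
import re

# RFC 959: "PORT h1,h2,h3,h4,p1,p2" announces the client endpoint the server
# should connect back to; the port is p1*256 + p2.
PORT_RE = re.compile(r"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})",
                     re.IGNORECASE)
FTP_DATA_PORT = 20  # source port of the server's active-mode data connection


def expectation_from_line(line, client_ip, server_ip):
    """Return the temporary inbound rule derived from one control-channel
    line, or None if the line must not open anything."""
    m = PORT_RE.fullmatch(line.rstrip("\r\n"))
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    announced = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    dport = nums[4] * 256 + nums[5]
    # Policy assumed for this example: only open a hole towards the host that
    # owns the control connection, and never towards a privileged port.
    if announced != ipaddress.IPv4Address(client_ip) or dport < 1024:
        return None
    return {"proto": "tcp", "src": server_ip, "sport": FTP_DATA_PORT,
            "dst": str(announced), "dport": dport}


def track_control_channel(lines, client_ip, server_ip):
    """Collect the inbound rules a firewall would add for one FTP session."""
    rules = []
    for line in lines:
        rule = expectation_from_line(line, client_ip, server_ip)
        if rule is not None:
            rules.append(rule)
    return rules


# Constructed control-channel capture (documentation address ranges).
SAMPLE = [
    "USER anonymous\r\n",
    "PORT 192,0,2,10,195,80\r\n",    # client's own address, port 50000
    "PORT 198,51,100,7,195,80\r\n",  # names a third host: ignored
    "PORT 192,0,2,10,0,22\r\n",      # privileged port 22: ignored
]

if __name__ == "__main__":
    for r in track_control_channel(SAMPLE, "192.0.2.10", "203.0.113.5"):
        print(r)
```

A firewall without this inspection step has nothing to match the server's inbound connection against, which is why a static rule for port 20 was needed in the case quoted above.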





