[BlueOnyx:15992] Re: sFTP & firewall
Maurice de Laat
mdlaat at muisnetwerken.nl
Sat Sep 20 10:56:34 -05 2014
On 10-09-14 01:06, Michael Stauber wrote:
> Hi Maurice,
>
>> Just wondering: how do you provide access to sFTP in your firewall? Unlike
>> regular FTP, there is no way to automatically open and close the right
>> ports that are used by the data connection. Do you just open a range of
>> ports for sFTP?
[...]
> As you can see, that line ends with "49152_65534", which opens the
> matching port range.
>
> You can certainly choose different port ranges and can choose to open
> fewer ports. In that case you'd need to edit both /etc/proftpd.conf and
> /etc/apf/conf.apf
Thank you Michael, that answers my question about how to allow FTPS.
Apparently it is common to "just" open some ports regardless of whether
or not they are being used in a current FTP session.
Now, from this thread I do understand that SFTP can allow secure FTP
without the need of having ports constantly open. See my other question
in this thread.
Maurice
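
An added example, not part of the original message or of BlueOnyx: a check that every passive data port ProFTPD may hand out is actually opened in APF, which is the failure mode when only one of the two files gets edited. It assumes the range is set with ProFTPD's PassivePorts directive and that the APF line elided in the quote is the IG_TCP_CPORTS setting; both sample configs are constructed.

```python
import re

# Constructed sample configs (not taken from the thread).
PROFTPD_CONF = """\
<Global>
  PassivePorts 49152 65534
</Global>
"""
APF_CONF = 'IG_TCP_CPORTS="20,21,22,80,443,49152_65534"\n'

def passive_range(proftpd_text):
    """Return (low, high) from the first uncommented PassivePorts line, or None."""
    m = re.search(r"^\s*PassivePorts\s+(\d+)\s+(\d+)", proftpd_text, re.M)
    return (int(m.group(1)), int(m.group(2))) if m else None

def apf_ranges(apf_text, key="IG_TCP_CPORTS"):
    """Parse APF's comma-separated port list; 'a_b' denotes a range (key is assumed)."""
    m = re.search(rf'^\s*{key}="([^"]*)"', apf_text, re.M)
    ranges = []
    for item in (m.group(1).split(",") if m else []):
        item = item.strip()
        if item:
            lo, _, hi = item.partition("_")
            ranges.append((int(lo), int(hi or lo)))
    return sorted(ranges)

def uncovered(want, ranges):
    """Sub-ranges of `want` that no firewall range opens (ranges must be sorted)."""
    lo, hi = want
    gaps = []
    for a, b in ranges:
        if b < lo or a > hi:
            continue            # no overlap with what is still unchecked
        if a > lo:
            gaps.append((lo, a - 1))
        lo = max(lo, b + 1)
        if lo > hi:
            break
    if lo <= hi:
        gaps.append((lo, hi))
    return gaps

if __name__ == "__main__":
    want = passive_range(PROFTPD_CONF)
    gaps = uncovered(want, apf_ranges(APF_CONF))
    print("passive range", want, "blocked sub-ranges:", gaps or "none")
```
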