[BlueOnyx:15918] Re: FTPs & firewall

Ralf Quint pcworxla at gmail.com
Mon Sep 8 15:21:07 -05 2014


On 9/8/2014 1:12 PM, Maurice de Laat wrote:
> On 08-09-14 21:55, Ralf Quint wrote:
>
>> Well, I am using a smart firewall, which has a conntrack module and
>> allows outbound (passive) connection as 'related' traffic... ;-)
> So, your firewall is able to decrypt the SSL encrypted traffic between
> the ftps server and the client? I am using apf/bfd, but as far as I can
> see that is not possible with apf.
Sorry, but in your last post, you mentioned that you actually meant
"FTP" not SFTP, and that does not have any SSL encryption.
FTPS (as in Secure FTP or one of the many other acronyms) needs to have 
a (limited) range of outgoing ports opened, as the conntrack "sniffing" 
indeed doesn't work. One of the reasons why I do not use this anywhere
(certificate issues all aside) and rather use SFTP (as in SSH FTP), using
SSH protocol 5, instead....

Ralf

-- 
-- P.C.Worx * On-Site IT Services Phone: (323)744-1081 Mailing address: 
12021 Wilshire Blvd. #290, Los Angeles, CA 90025 www.pcworxla.com --
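
Added example, not part of the original message: a simplified Python stand-in for what a connection-tracking FTP helper does (it is not the kernel's code), showing why the data port can be read from a plaintext control channel but not from an FTPS one, so that only a statically opened range lets the data connection through. The function names, the sample address 192.0.2.10 and the range 50000-50100 are assumptions made for illustration.

```python
import re

# 227 reply (RFC 959): h1,h2,h3,h4,p1,p2 ; 229 reply (RFC 2428): (|||port|)
PASV_RE = re.compile(rb"^227 .*?(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
EPSV_RE = re.compile(rb"^229 .*?\(\|\|\|(\d+)\|\)")

def sniff_data_port(control_bytes):
    """Return the data port announced on the control channel, or None if unreadable."""
    for line in control_bytes.split(b"\r\n"):
        m = PASV_RE.match(line)
        if m:
            p1, p2 = int(m.group(5)), int(m.group(6))
            if p1 < 256 and p2 < 256:
                return p1 * 256 + p2
        m = EPSV_RE.match(line)
        if m and 0 < int(m.group(1)) < 65536:
            return int(m.group(1))
    return None

def allow_data_connection(control_bytes, dst_port, static_range=None):
    """Decide whether a new connection to dst_port may pass.

    With a readable control channel only the single announced port is allowed
    as 'related'. Otherwise only a statically opened range can let it through.
    """
    announced = sniff_data_port(control_bytes)
    if announced is not None:
        return dst_port == announced
    if static_range is not None:
        lo, hi = static_range
        return lo <= dst_port <= hi
    return False

# Constructed sample: plaintext FTP reply announcing port 195*256+80 = 50000.
PLAIN = b"227 Entering Passive Mode (192,0,2,10,195,80).\r\n"
# Constructed sample: what a tracker sees after AUTH TLS, i.e. a TLS
# application-data record header followed by opaque bytes (a fixed byte run
# stands in for the ciphertext).
payload = bytes(range(128, 192))
ENCRYPTED = b"\x17\x03\x03" + len(payload).to_bytes(2, "big") + payload

if __name__ == "__main__":
    print("plain FTP          :", sniff_data_port(PLAIN))
    print("FTPS               :", sniff_data_port(ENCRYPTED))
    print("FTPS, no range     :", allow_data_connection(ENCRYPTED, 50000))
    print("FTPS, 50000-50100  :", allow_data_connection(ENCRYPTED, 50000, (50000, 50100)))
```

The static range is wider than the single port a helper would open, so it should be kept as small as the server's configured passive range allows.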

