Date: Fri, 26 Oct 2001 17:52:40 -0500
From: Mike Meyer <mwm@mired.org>
To: "Patrick O'Reilly" <patrick@mip.co.za>
Cc: <questions@FreeBSD.ORG>
Subject: RE: ipfw rules for FTP - passive vs. active
Message-ID: <15321.59704.119385.155815@guru.mired.org>
In-Reply-To: <NDBBIMKICMDGDMNOOCAIIEEGDMAA.patrick@mip.co.za>
References: <15320.17295.222857.730255@guru.mired.org> <NDBBIMKICMDGDMNOOCAIIEEGDMAA.patrick@mip.co.za>

Patrick O'Reilly <patrick@mip.co.za> types:
> Mike,
> I have been using option (1) till now, but the pressure to back down is
> mounting. I'll look into (2). My FTP is not for general anonymous access.
> It is for exchange of data between trading partners, so I need to cater for
> "secure" connections with login and password controlling access to the
> server (don't laugh too loud please - I know FTP's "security" is, well, weak,
> but the users feel better knowing that they have given a password!). Will
> HTTP cater for file up-and-down loads with user authentication?

That was already answered, but yes.

> I've tried pushing people to use scp (Putty's sister called pscp does a
> great job on Windoze platforms). However, the resistance to change is
> mind-boggling! :( And that resistance comes from the very same people who
> insist on having "secure" FTP logins and passwords. Go figure!

That's my preferred solution. I'm not sure what it takes to configure
sshd to allow scp but no ssh, though.

One other option is to put the ftp server outside the firewall as a
dedicated box. Since it's outside the firewall, everyone can reach it
with a passive connection. This is basically the proxy solution, except
the extra work is on the users' head instead of the admins' head.

Possibly telling those users who don't like pscp that they can instead
shell out a few hundred for another server for this will encourage
them to change :-).

	<mike
--
Mike Meyer <mwm@mired.org>			http://www.mired.org/home/mwm/
Q: How do you make the gods laugh?		A: Tell them your plans.