Date: Thu, 23 Oct 2008 11:35:05 +1100
From: Norberto Meijome <numardbsd@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Re: what else is needed to make ftp passive work
Message-ID: <20081023113505.74aa668b@ayiin>
In-Reply-To: <20081022191330.GA66142@icarus.home.lan>
References: <200810222050687.SM01744@TX2.Go2France.com> <20081022191330.GA66142@icarus.home.lan>

On Wed, 22 Oct 2008 12:13:30 -0700
Jeremy Chadwick <koitsu@FreeBSD.org> wrote:

> Inbound: TCP port 21 (main ftpd daemon)
> Inbound: TCP ports 49152 to 65535 (used in FTP passive mode)
> Outbound: TCP port 20 (used in FTP active mode)
>
> Yes, you read that range correctly. And yes, it's quite large. Yes,
> there is a way to diminish it, but it will affect other programs on
> FreeBSD, so I do not recommend adjusting it. It's controlled by
> sysctls. See the -U option of ftpd, but note that it doesn't do
> anything for FreeBSD 5.0 or later.

As far as I remember, FTP servers (with the not so unexpected exception of
MS IIS' FTP service) can be configured to listen on specific ports for
passive transfers. If you don't have a busy server, a few ports (10?) would
do. Then you can firewall it as needed.

This is, of course, an application (service) configuration as opposed to
what Jeremy mentioned, I believe, which relies on the server's "high ports"
definition, which yes, will affect the whole TCP stack in the server.

B
_________________________
{Beto|Norberto|Numard} Meijome

I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

I speak for myself, not my employer. Contents may be hot. Slippery when wet.
Reading disclaimers makes you go blind. Writing them is worse. You have been
Warned.