From: "fbsd_user"
To: "Pietro Cerutti", "Imran Imtiaz", "FreeBSD"
Date: Tue, 13 Dec 2005 10:11:33 -0500
Subject: RE: ftp problem

Opening the high-order ports is a security risk. This is a long-standing problem with the FTP protocol. If you are going to have an FTP server on your FBSD box accessible from the public internet, you should be using the built-in FTP proxy in the ipfilter firewall. The ftp proxy option only opens the single ftp data high-order port number being used. This is much more sure than exposing all the high-order ports.

-----Original Message-----
From: owner-freebsd-questions@freebsd.org [mailto:owner-freebsd-questions@freebsd.org] On Behalf Of Pietro Cerutti
Sent: Tuesday, December 13, 2005 9:09 AM
To: Imran Imtiaz; FreeBSD
Subject: Re: ftp problem

On 12/13/05, Imran Imtiaz wrote:
> they are coming on xl0 interface

Then you should enable in/outbound traffic on your xl0 interface, for the ports from 49152 through 65535, used for the data-channel connection.

--
Pietro Cerutti

Beansidhe - SwiSS Death / Thrash Metal

Windows: "Where do you want to go today?"
Linux: "Where do you want to go tomorrow?"
FreeBSD: "Are you guys coming or what?"
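
The difference between the two approaches in this thread, as an added Python example (not ipfilter's code and not from either poster): instead of allowing all of 49152-65535, a control-channel-aware filter reads the server's 227 passive-mode reply and allows only the one data port it names, for one connection. The function and class names are hypothetical, the addresses are constructed documentation addresses, and only passive mode is handled.

```python
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# Data-channel port range quoted in the thread
DATA_PORTS = range(49152, 65536)
# Constructed sample reply: port = 195 * 256 + 80 = 50000
SAMPLE_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)"


def pinhole_from_pasv(reply, server_ip, client_ip):
    """Return the single (src, dst, port) to allow for one data connection, or None."""
    m = PASV_RE.match(reply.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    addr = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]
    # Reject a reply that names a host other than the server on the control
    # connection, or a port outside the expected data range.
    if addr != server_ip or port not in DATA_PORTS:
        return None
    return (client_ip, server_ip, port)


class ControlChannelTracker:
    """Holds one-shot pinholes derived from 227 replies on the control channel."""

    def __init__(self, server_ip):
        self.server_ip = server_ip
        self.pinholes = set()

    def on_server_reply(self, client_ip, line):
        hole = pinhole_from_pasv(line, self.server_ip, client_ip)
        if hole:
            self.pinholes.add(hole)
        return hole

    def allow_data_syn(self, src, dst, port):
        # A pinhole admits exactly one connection, then closes again.
        hole = (src, dst, port)
        if hole in self.pinholes:
            self.pinholes.discard(hole)
            return True
        return False
```
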