Solved

FTP ACL

Posted on 2006-11-24
6
298 Views
Last Modified: 2012-05-05
I am confuse about this.

i need to set the access control list for firewall.

my question is focus on ftp....ftp has port 21 and some say 20...

so in firewall rules...do i need to permit such for tcp 21 and udp 20?
0
Comment
Question by:operation1612
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:bugsaif
ID: 18010205
Brief answer: There is no UDP in FTP... just TCP... You didn't specify which firewall, else I could've give you an ACE for the ftp... kinda depends on the firewall...

Detailed answer: Please read this... http://slacksite.com/other/ftp.html
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18010216
FTP uses both 21 and 20 for control and data (Both tcp). The thing is any decent firewall out there will understand that it has to allow both these ports if the service mentioned is ftp.

Cheers,
Rajesh
0
 

Author Comment

by:operation1612
ID: 18011434
ok i understand...

the firewall that i mention is a cisco firewall...

but what make me confuse is....when i do portscan to the server...why only i can see the port 21 but not the 20?

so in the firewall i should do this is it?:

permit tcp 20
permit tcp 21
0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 32

Expert Comment

by:rsivanandan
ID: 18011830
No you shouldn't have to. See the port 20 is opened only after the communication is established after the initial communication and then PIX *intelligently* allows communicating to it.

Cheers,
Rajesh
0
 

Author Comment

by:operation1612
ID: 18011940
so that mean i do not need to allow port 20 in the firewall...once user pass the firewall thru 21...user can do the port 20
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 50 total points
ID: 18013379
Yes that is correct, a typical acl for that on the firewall would be;

access-list <Name> permit tcp any host <FTP Server> eq ftp

access-group <Name> in interface outside.

Cheers,
Rajesh
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are like regular user of computer nowadays, a good bet that your home computer is on right now, all exposed to world of Internet to be exploited by somebody you do not know and you never will. Internet security issues has been getting worse d…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Learn how to create flexible layouts using relative units in CSS.  New relative units added in CSS3 include vw(viewports width), vh(viewports height), vmin(minimum of viewports height and width), and vmax (maximum of viewports height and width).

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now