Solved

FTP ACL

Posted on 2006-11-24
6
302 Views
Last Modified: 2012-05-05
I am confuse about this.

i need to set the access control list for firewall.

my question is focus on ftp....ftp has port 21 and some say 20...

so in firewall rules...do i need to permit such for tcp 21 and udp 20?
0
Comment
Question by:operation1612
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:bugsaif
ID: 18010205
Brief answer: There is no UDP in FTP... just TCP... You didn't specify which firewall, else I could've give you an ACE for the ftp... kinda depends on the firewall...

Detailed answer: Please read this... http://slacksite.com/other/ftp.html
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18010216
FTP uses both 21 and 20 for control and data (Both tcp). The thing is any decent firewall out there will understand that it has to allow both these ports if the service mentioned is ftp.

Cheers,
Rajesh
0
 

Author Comment

by:operation1612
ID: 18011434
ok i understand...

the firewall that i mention is a cisco firewall...

but what make me confuse is....when i do portscan to the server...why only i can see the port 21 but not the 20?

so in the firewall i should do this is it?:

permit tcp 20
permit tcp 21
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 32

Expert Comment

by:rsivanandan
ID: 18011830
No you shouldn't have to. See the port 20 is opened only after the communication is established after the initial communication and then PIX *intelligently* allows communicating to it.

Cheers,
Rajesh
0
 

Author Comment

by:operation1612
ID: 18011940
so that mean i do not need to allow port 20 in the firewall...once user pass the firewall thru 21...user can do the port 20
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 50 total points
ID: 18013379
Yes that is correct, a typical acl for that on the firewall would be;

access-list <Name> permit tcp any host <FTP Server> eq ftp

access-group <Name> in interface outside.

Cheers,
Rajesh
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Open BDS Pf 3 54
Firewall question 5 101
Sonicwall SOHO Firewall port access 5 96
Content Filtering by Search Term with a Smoothwall Firewall 1 228
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
Do you have a windows based Checkpoint SmartCenter for centralized Checkpoint management?  Have you ever backed up the firewall policy residing on the SmartCenter?  If you have then you know the hassles of connecting to the server, doing an upgrade_…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question