?
Solved

FTP ACL

Posted on 2006-11-24
6
Medium Priority
?
305 Views
Last Modified: 2012-05-05
I am confuse about this.

i need to set the access control list for firewall.

my question is focus on ftp....ftp has port 21 and some say 20...

so in firewall rules...do i need to permit such for tcp 21 and udp 20?
0
Comment
Question by:operation1612
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
6 Comments
 
LVL 3

Expert Comment

by:bugsaif
ID: 18010205
Brief answer: There is no UDP in FTP... just TCP... You didn't specify which firewall, else I could've give you an ACE for the ftp... kinda depends on the firewall...

Detailed answer: Please read this... http://slacksite.com/other/ftp.html
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18010216
FTP uses both 21 and 20 for control and data (Both tcp). The thing is any decent firewall out there will understand that it has to allow both these ports if the service mentioned is ftp.

Cheers,
Rajesh
0
 

Author Comment

by:operation1612
ID: 18011434
ok i understand...

the firewall that i mention is a cisco firewall...

but what make me confuse is....when i do portscan to the server...why only i can see the port 21 but not the 20?

so in the firewall i should do this is it?:

permit tcp 20
permit tcp 21
0
WatchGuard's M Series Appliances - Miecom Approved

WatchGuard's newest M series appliances were put to the test by Miercom.  We had great results and outperformed all of our competitors in both stateless and stateful traffic throghput scenarios! Ready to see how your UTM appliance stacked up? Download the Miercom Report!

 
LVL 32

Expert Comment

by:rsivanandan
ID: 18011830
No you shouldn't have to. See the port 20 is opened only after the communication is established after the initial communication and then PIX *intelligently* allows communicating to it.

Cheers,
Rajesh
0
 

Author Comment

by:operation1612
ID: 18011940
so that mean i do not need to allow port 20 in the firewall...once user pass the firewall thru 21...user can do the port 20
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 200 total points
ID: 18013379
Yes that is correct, a typical acl for that on the firewall would be;

access-list <Name> permit tcp any host <FTP Server> eq ftp

access-group <Name> in interface outside.

Cheers,
Rajesh
0

Featured Post

Put Machine Learning to Work--Protect Your Clients

Machine learning means Smarter Cybersecurity™ Solutions.
As technology continues to advance, managing and analyzing massive data sets just can’t be accomplished by humans alone. It requires huge amounts of memory and storage, as well as high-speed processing of the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

To setup a SonicWALL for policy based routing to be used with the Websense Content Gateway there are several steps that need to be completed. Below is a rough guide for accomplishing this. One thing of note is this guide is intended to assist in the…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question