Solved

FTP ACL

Posted on 2006-11-24
300 Views
Last Modified: 2012-05-05
I am confused about this.

I need to set the access control list for the firewall.

My question is focused on FTP. FTP has port 21, and some say 20...

So in the firewall rules, do I need to permit TCP 21 and UDP 20?
Question by:operation1612
6 Comments
 
LVL 3

Expert Comment

by:bugsaif
ID: 18010205
Brief answer: There is no UDP in FTP... just TCP... You didn't specify which firewall, else I could've given you an ACE for FTP... kinda depends on the firewall...

Detailed answer: Please read this... http://slacksite.com/other/ftp.html
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18010216
FTP uses both 21 and 20, for control and data (both TCP). The thing is, any decent firewall out there will understand that it has to allow both of these ports if the service mentioned is FTP.

Cheers,
Rajesh
 

Author Comment

by:operation1612
ID: 18011434
OK, I understand...

The firewall that I mentioned is a Cisco firewall...

But what makes me confused is, when I do a port scan of the server, why can I only see port 21 but not 20?

So in the firewall I should do this, is it?:

permit tcp 20
permit tcp 21

 
LVL 32

Expert Comment

by:rsivanandan
ID: 18011830
No, you shouldn't have to. See, port 20 is opened only after the communication is established, after the initial communication, and then PIX *intelligently* allows communicating to it.

Cheers,
Rajesh
 

Author Comment

by:operation1612
ID: 18011940
So that means I do not need to allow port 20 in the firewall... once the user passes the firewall through 21, the user can do port 20?
 
LVL 32

Accepted Solution

by:rsivanandan (earned 50 total points)
ID: 18013379
Yes, that is correct. A typical ACL for that on the firewall would be:

access-list <Name> permit tcp any host <FTP Server> eq ftp

access-group <Name> in interface outside

Cheers,
Rajesh
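Added example, not part of the original thread: a small Python model of what the two answers above describe, the static rule `permit tcp any host <FTP Server> eq ftp` plus the firewall's FTP inspection that watches the tcp/21 control channel and opens the data connection (tcp/20 outbound from the server in active mode, or the high port announced in a 227 reply in passive mode) only once it has been negotiated. It also shows why a port scan of the server lists 21 but not 20: in active mode, port 20 is the server's source port for a connection the server initiates, so nothing listens there. The client and server addresses, the control-channel transcript and all function names are constructed for this example, and the pinhole logic is a simplified model, not PIX's actual fixup code.

```python
"""Model of how stateful FTP inspection turns a tcp/21 control session into
dynamically permitted data connections. Example code; addresses, transcript
and helper names are constructed, not taken from the thread or from PIX."""
import re
from typing import List, NamedTuple, Optional, Tuple

CLIENT_IP = "192.0.2.10"     # assumed: FTP client on the outside interface
SERVER_IP = "203.0.113.5"    # assumed: the <FTP Server> behind the firewall
FTP_CONTROL_PORT = 21
FTP_DATA_PORT = 20


class DataChannel(NamedTuple):
    mode: str                 # "active" or "passive"
    src_ip: str
    src_port: Optional[int]   # None means any ephemeral source port
    dst_ip: str
    dst_port: int


_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def decode_hostport(text: str) -> Optional[Tuple[str, int]]:
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and by the 227 reply."""
    m = _HOSTPORT.search(text)
    if m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def expected_data_channel(line: str, client_ip: str, server_ip: str) -> Optional[DataChannel]:
    """Return the data connection announced by one control-channel line, or None."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        hp = decode_hostport(line[5:])
        # Refuse a PORT that points at a third host (the classic FTP bounce).
        if hp is None or hp[0] != client_ip:
            return None
        # Active mode: the SERVER connects FROM tcp/20 TO the client's port.
        # Nothing listens on 20, so a scan of the server shows only 21.
        return DataChannel("active", server_ip, FTP_DATA_PORT, hp[0], hp[1])
    if line.startswith("227"):
        hp = decode_hostport(line)
        if hp is None or hp[0] != server_ip:
            return None
        # Passive mode: the client connects to the high port the server announced.
        return DataChannel("passive", client_ip, None, hp[0], hp[1])
    return None


def static_acl_permits(dst_ip: str, dst_port: int) -> bool:
    """The static rule from the thread: permit tcp any host <FTP Server> eq ftp."""
    return dst_ip == SERVER_IP and dst_port == FTP_CONTROL_PORT


def inspect_control_session(transcript, client_ip, server_ip) -> List[DataChannel]:
    """Walk a control session the way FTP inspection does and collect the
    pinholes it would open on top of the static ACL."""
    pinholes = []
    for side, line in transcript:
        ch = expected_data_channel(line, client_ip, server_ip)
        # Only the client may announce an active port, only the server a passive one.
        if ch is not None and (side, ch.mode) in (("C", "active"), ("S", "passive")):
            pinholes.append(ch)
    return pinholes


def permitted(src_ip, src_port, dst_ip, dst_port, pinholes) -> bool:
    """Per-connection check: static ACL first, then the dynamic data channels."""
    if static_acl_permits(dst_ip, dst_port):
        return True
    return any(
        p.src_ip == src_ip and p.dst_ip == dst_ip and p.dst_port == dst_port
        and (p.src_port is None or p.src_port == src_port)
        for p in pinholes
    )


# Constructed control-channel transcript ("C" = client line, "S" = server line).
TRANSCRIPT = [
    ("C", "USER anonymous"),
    ("S", "331 Please specify the password."),
    ("C", "PASS guest@example.com"),
    ("S", "230 Login successful."),
    ("C", "PORT 192,0,2,10,4,1"),                          # client port 4*256+1 = 1025
    ("S", "200 PORT command successful."),
    ("C", "LIST"),
    ("S", "150 Here comes the directory listing."),
    ("S", "226 Directory send OK."),
    ("C", "PASV"),
    ("S", "227 Entering Passive Mode (203,0,113,5,195,80)."),  # server port 50000
    ("C", "RETR file.txt"),
]

if __name__ == "__main__":
    holes = inspect_control_session(TRANSCRIPT, CLIENT_IP, SERVER_IP)
    for hole in holes:
        print(hole)
    print("server:20 -> client:1025 permitted:", permitted(SERVER_IP, 20, CLIENT_IP, 1025, holes))
```

With an empty pinhole list only the tcp/21 connection passes, which is exactly the thread's ACL; the data connections pass only because the inspection of the control channel added them. Real inspection also has to track the TCP state of each channel and tear the pinhole down when the transfer ends, which this model leaves out.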
