Solved

FTP ACL

Posted on 2006-11-24
6
303 Views
Last Modified: 2012-05-05
I am confused about this.

I need to set the access control list for a firewall.

My question is focused on FTP... FTP has port 21 and some say 20...

So in the firewall rules, do I need to permit such for TCP 21 and UDP 20?
0
Comment
Question by:operation1612
6 Comments
 
LVL 3

Expert Comment

by:bugsaif
ID: 18010205
Brief answer: There is no UDP in FTP... just TCP... You didn't specify which firewall, else I could've given you an ACE for the FTP... kinda depends on the firewall...

Detailed answer: Please read this... http://slacksite.com/other/ftp.html
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18010216
FTP uses both 21 and 20 for control and data (Both tcp). The thing is any decent firewall out there will understand that it has to allow both these ports if the service mentioned is ftp.

Cheers,
Rajesh
0
 

Author Comment

by:operation1612
ID: 18011434
OK, I understand...

The firewall that I mention is a Cisco firewall...

But what makes me confused is... when I do a portscan on the server, why can I only see port 21 but not 20?

So in the firewall I should do this, is it?:

permit tcp 20
permit tcp 21
0
 
LVL 32

Expert Comment

by:rsivanandan
ID: 18011830
No, you shouldn't have to. See, port 20 is opened only after the communication is established, after the initial communication, and then PIX *intelligently* allows communicating to it.

Cheers,
Rajesh
0
 

Author Comment

by:operation1612
ID: 18011940
So that means I do not need to allow port 20 in the firewall... once the user passes the firewall through 21, the user can do port 20.
0
 
LVL 32

Accepted Solution

by:
rsivanandan earned 50 total points
ID: 18013379
Yes, that is correct; a typical ACL for that on the firewall would be:

access-list <Name> permit tcp any host <FTP Server> eq ftp

access-group <Name> in interface outside

Cheers,
Rajesh
0
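The behaviour Rajesh describes (permit only tcp/21 and let the firewall's FTP inspection open the data connection) works because the firewall reads the control channel. Below is an added illustration, not code from this thread or from Cisco: a small Python model of what an FTP inspection engine does with the client's PORT command (active mode, where the server dials out from tcp/20 to the port the client announced) and the server's 227 reply (passive mode, where the client dials a high port on the server). It also shows why a port scan of the server never lists port 20: in active mode port 20 is a *source* port the server connects from, not a listening service. The transcripts, addresses and the `DataChannel`/`pinholes_for_session` names are all constructed for this example; the third-party-address check on PORT mirrors the FTP bounce protection stateful inspection engines apply.

```python
"""Toy model of the FTP control-channel inspection a stateful firewall performs.

Added example (not from the thread). It decodes the PORT command (active mode)
and the 227 reply (passive mode) to work out which TCP data connection to
expect, which is why the firewall rule only needs to permit tcp/21.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

FTP_DATA_PORT = 20  # server-side SOURCE port of an active-mode data connection

# The two control-channel messages that announce a data channel.
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)
PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


@dataclass(frozen=True)
class DataChannel:
    """One TCP data connection the firewall should expect (a 'pinhole')."""
    mode: str                # "active" (server connects out) or "passive" (client connects in)
    src_ip: str
    src_port: Optional[int]  # None means any ephemeral port
    dst_ip: str
    dst_port: int


def decode_hostport(groups: Tuple[str, ...]) -> Tuple[str, int]:
    """Turn the h1,h2,h3,h4,p1,p2 form into ('h1.h2.h3.h4', p1*256 + p2)."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    if any(not 0 <= n <= 255 for n in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("octet out of range")
    port = p1 * 256 + p2
    if port == 0:
        raise ValueError("port 0 is not usable")
    return f"{h1}.{h2}.{h3}.{h4}", port


def expected_data_channel(direction: str, line: str,
                          client_ip: str, server_ip: str) -> Optional[DataChannel]:
    """Return the data connection announced by one control-channel line, if any.

    Raises ValueError for a PORT command naming a third-party address (the
    classic FTP bounce pattern), which inspection engines refuse to open.
    """
    if direction == "client":
        m = PORT_RE.match(line)
        if not m:
            return None
        host, port = decode_hostport(m.groups())
        if host != client_ip:
            raise ValueError(f"PORT names {host}, not the client {client_ip}")
        # Active mode: the *server* dials out from tcp/20 to the client's port.
        return DataChannel("active", server_ip, FTP_DATA_PORT, host, port)
    if direction == "server":
        m = PASV_RE.match(line)
        if not m:
            return None
        host, port = decode_hostport(m.groups())
        # Passive mode: the client dials the high port the server just opened.
        return DataChannel("passive", client_ip, None, host, port)
    raise ValueError(f"unknown direction {direction!r}")


def pinholes_for_session(lines: List[Tuple[str, str]],
                         client_ip: str, server_ip: str) -> List[DataChannel]:
    """Walk a control-channel transcript and collect every expected data channel."""
    found = []
    for direction, line in lines:
        ch = expected_data_channel(direction, line, client_ip, server_ip)
        if ch is not None:
            found.append(ch)
    return found


# Constructed transcripts (RFC 5737 documentation addresses), one per mode.
CLIENT_IP, SERVER_IP = "192.0.2.10", "203.0.113.5"

ACTIVE_SESSION = [
    ("client", "USER anonymous"),
    ("server", "331 Please specify the password."),
    ("client", "PORT 192,0,2,10,4,1"),       # client listens on 192.0.2.10:1025
    ("server", "200 PORT command successful."),
    ("client", "LIST"),
]

PASSIVE_SESSION = [
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (203,0,113,5,195,80)"),  # 195*256+80 = 50000
    ("client", "RETR notes.txt"),
]

if __name__ == "__main__":
    for name, session in (("active", ACTIVE_SESSION), ("passive", PASSIVE_SESSION)):
        for ch in pinholes_for_session(session, CLIENT_IP, SERVER_IP):
            print(name, ch)
```

Run as-is it prints one pinhole per transcript: for the active session a connection from the server's tcp/20 to the client's announced port 1025, for the passive session a connection from the client to the server's high port 50000. Neither needs a static `permit tcp ... eq 20` rule; the inspection engine (the PIX `fixup protocol ftp` behaviour Rajesh is relying on) opens each pinhole only for the duration of that transfer, which is exactly why the accepted ACL permits just `eq ftp`.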
