Adam Lang wrote:
>
> Hmmm... either way sounds like a security problem. To do it passive, I
> would have to basically open all ports for outgoing, wouldn't I?
With a good firewall passive or active does not matter. There you
firewall on the protocol FTP.
With a dumb packet filter you can only set up passive FTP securely.
Doing dumb packet filtering of active FTP in a secure manner is not
technically possible. If you thing it is, then you only think yourself
into a false feeling of security, and your firewall is most likely
almost wide open.
Note: the above assumes it is the clients who are firewalled, not
servers.
-- Henrik Nordstrom Squid HackerReceived on Sun Jun 10 2001 - 15:31:41 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:35 MST