Re: [masq] [masq] [masq] FTP and firewalls

Henrique Pantarotto (scanner@cepa.com.br)
Thu, 28 Jan 1999 21:45:05 -0200


>you have to use Passive transfers for the firewall box. Allowing port 20 to
>connect to ports above 65000 won't work for the firewall box, but will for
>everyone behind it, since the port command will always be going to 65000+
>for MASQ'd clients. Of course this would also allow someone to run a
>backdoor on ports above 65000 on your firewall box...

The port is actually 61000+ (not 65000).

Allowing connections from port 20 to ports 61000+ really makes your
firewall box insecure (if there's a backdoor running at a higher port),
like you said. This is a serious issue, isn't it? Isn't there a way to
resolve this problem? Something like a "smart" firewall that records FTP
connections and only allows port 20 connections belonging to previously
established FTP connections.

Or an option that only allows connections to 61000 and higher ports that
are for MASQ use only, and not for local use.

If I wrote something very stupid, please forgive me. ;-)

Henrique Pantarotto
Technical Operations Coordinator
CEPAnet Internet Provider
Web: http://www.cepa.com.br
Support tel.: (011) 5506-8477
Sao Paulo - Brazil
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu
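The "smart" firewall asked about above, as an added model that is not code from this thread or from the Linux masquerading code: a filter that watches the control connection for PORT commands, rewrites a masqueraded client's announcement to the firewall's own address and a 61000+ port, and then lets an inbound connection from port 20 through only if it matches an entry created that way. The naive rule quoted in the thread is shown beside it for contrast. The addresses, the sequential port allocation and the pool size of 4096 ports above 61000 are assumptions for illustration; only the 61000 base comes from the thread.

```python
"""Model of an FTP-aware ("smart") packet filter in front of masqueraded
clients.  Illustration added for this thread; not the kernel's ip_masq code.
Addresses, port allocation and the pool size are assumptions."""
import re
from dataclasses import dataclass, field

FTP_DATA_PORT = 20
MASQ_PORT_BEGIN = 61000                 # first masqueraded port, per the reply above
MASQ_PORT_END = MASQ_PORT_BEGIN + 4096  # assumed pool size for this model

PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)


def parse_port_command(line):
    """Return (ip, port) from an FTP 'PORT h1,h2,h3,h4,p1,p2' line, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    h1, h2, h3, h4, p1, p2 = fields
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


def format_port_command(ip, port):
    """Inverse of parse_port_command."""
    return "PORT " + ",".join(ip.split(".")) + f",{port // 256},{port % 256}"


def naive_policy(src_port, dst_port):
    """The rule quoted in the thread: anything from port 20 to a 61000+ port
    passes, whether or not an FTP session asked for it.  A backdoor listening
    on the firewall at such a port is therefore reachable from port 20."""
    if src_port == FTP_DATA_PORT and dst_port >= MASQ_PORT_BEGIN:
        return "ACCEPT"
    return "DROP"


@dataclass
class FtpAwareFilter:
    firewall_ip: str
    next_masq_port: int = MASQ_PORT_BEGIN
    # masq port on the firewall -> (private client ip, client's real data port)
    masq_table: dict = field(default_factory=dict)

    def client_port_command(self, client_ip, line):
        """A masqueraded client sent `line` on its control connection.
        Returns the line the FTP server will actually see: a PORT command is
        rewritten to the firewall's address and a freshly allocated masq port,
        and the mapping is recorded so the data connection can be matched."""
        parsed = parse_port_command(line)
        if parsed is None:
            return line                      # not a PORT command; pass unchanged
        _, client_port = parsed
        if self.next_masq_port >= MASQ_PORT_END:
            raise RuntimeError("masquerade port pool exhausted")
        masq_port = self.next_masq_port
        self.next_masq_port += 1
        self.masq_table[masq_port] = (client_ip, client_port)
        return format_port_command(self.firewall_ip, masq_port)

    def inbound_syn(self, src_port, dst_ip, dst_port):
        """Decide on an inbound SYN arriving from the Internet.  Only a data
        connection the masquerade table is waiting for gets through, and it is
        forwarded to the client rather than delivered to the firewall itself;
        a packet from port 20 to any other 61000+ port is dropped."""
        if src_port != FTP_DATA_PORT or dst_ip != self.firewall_ip:
            return "DROP"
        target = self.masq_table.pop(dst_port, None)  # one data connection per PORT
        if target is None:
            return "DROP"
        client_ip, client_port = target
        return f"FORWARD to {client_ip}:{client_port}"
```

Because a matching entry is consumed when the data connection arrives, and no entry ever points at the firewall itself, the 61000+ range is usable by masqueraded clients only, which is the second option raised in the post.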