Re: [squid-users] ftp_passive

From: Colin Campbell <sgcccdc@dont-contact.us>
Date: Tue, 12 Jun 2001 08:03:47 +1000 (EST)

Hi,

On Fri, 8 Jun 2001, Adam Lang wrote:

> Hmmm... either way sounds like a security problem. To do it passive, I
> would have to basically open all ports for outgoing, wouldn't I?

Yes. Most people do not see this as a problem though. With a stateful
filtering firewall or proxy firewall, the outgoing "holes" are only open
between the conversing machines for as long as they converse. Once one end
shuts down their end the firewall "hole" disappears.

> I have a Cisco PIX, so I have stateful packet filtering. How does that
> change things? Going from port 21 to 20, does it still mark it as an
> established connection?
> Hmm... Time to do some testing...

The pix "understands" FTP. If you look at the config you should see it as
one of the "fixup" protocols.

Colin
Received on Mon Jun 11 2001 - 16:04:12 MDT
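Colin's point above (a stateful, FTP-aware firewall opens the passive-mode data "hole" only between the two conversing hosts, only for the port the server announced, and only while the control session lasts) modelled as an added Python example; this is not code from the thread, and the client/server addresses and the 227 reply are constructed samples.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: the server's 227 reply on the control channel announcing
# where the client should connect for the data transfer (port = p1*256 + p2).
PASV_REPLY = "227 Entering Passive Mode (192,0,2,10,195,80)\r\n"

PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv(reply):
    """Return (host, port) announced in a 227 reply, or None for any other line."""
    if not reply.startswith("227"):
        return None
    m = PASV_RE.search(reply)
    if not m:
        return None
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2


@dataclass
class StatefulFilter:
    """Toy model of an FTP-aware stateful filter (the kind of 'fixup' Colin refers to).
    A data pinhole exists only while the control session that negotiated it is alive,
    and only towards the server that session is actually talking to."""
    control_sessions: dict = field(default_factory=dict)  # client -> server address
    pinholes: dict = field(default_factory=dict)          # client -> {(host, port)}

    def open_control(self, client, server):
        self.control_sessions[client] = server
        self.pinholes[client] = set()

    def inspect_server_reply(self, client, reply):
        target = parse_pasv(reply)
        # Ignore a 227 reply that points anywhere other than the control peer.
        if target and self.control_sessions.get(client) == target[0]:
            self.pinholes[client].add(target)

    def allows(self, client, host, port):
        return (host, port) in self.pinholes.get(client, set())

    def close_control(self, client):
        # Control session ends: every hole it opened disappears with it.
        self.control_sessions.pop(client, None)
        self.pinholes.pop(client, None)
```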

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 17:00:43 MST