Subject: Re: IPFilter and passive FTP Servers
To: None <firstname.lastname@example.org>
From: Jim Breton <email@example.com>
Date: 11/27/2002 02:07:37
On Tue, Nov 26, 2002 at 09:44:55AM -0500, Sam Carleton wrote:
> I have installed wu-ftp on a machine behine the NetBSD firewall.
Strike one! ;)
> configured wu-ftp to use ports 15000 through 19999 for passive FTP. Now
> I need to figure out how to configure the firewall. I believe I have
> the ipf.conf config correct:
An FTP server is not something I'd be happy about putting behind my
firewall, because forwarding to it is such a mess (basically you'd want to
use an ftp proxy on the firewall).
And wu-ftpd is not something I'd be happy about putting _anywhere_.
However, rather than get involved in that, may I instead offer the
1. choose a better (in terms of security) ftp server, e.g., vsftpd;
2. run the ftp server on the firewall itself instead.
(Assuming you even need FTP at all.. avoid it entirely if it is really not
necessary for whatever you're doing.)