LinuxQuestions.org


cccc 10-16-2012 07:54 AM

Firewall ports for FTPS (FTP over SSL) connection
 
hi

Which incoming firewall ports should be opened for an FTPS (FTP over SSL) connection on the server side?

Basher52 10-16-2012 08:05 AM

As standard 20/21, but if the FTP server is any good, you should be able to configure that to what you want.
20/21 is for an "active" connection, and if you want passive, you'll have to configure that for the server and open those ports in the firewall.

Read up here: http://www.ntchosting.com/ftp/ftp-port-connection.html

acid_kewpie 10-16-2012 08:09 AM

Come on dude, we aren't a search engine... http://en.wikipedia.org/wiki/FTPS

But for the record FTPS is implemented as FTP with STARTTLS which would use the normal ports.

cccc 10-16-2012 08:00 PM

According to:

http://www.ipv4security.com/packet_f..._over_ssl.html

>>> Implicit SSL allows the server to specify a different port dedicated to SSL communication (TCP-990 for ftp-control channel, TCP-989 for ftp-data in active ftp mode). Any connections made to this port require immediate negotiation of certificates and SSL, avoiding any communication in plain text whatsoever. In active mode, ftps client initiates 'control session' to port 990 of server (outbound from client), but server initiates 'data session' back (sourcing from tcp port 989) to client (inbound to client). In passive mode, client initiates both control (tcp-990) and data sessions (port range specified by server/client negotiation) to the server (both are outbound from client). <<<

acid_kewpie 10-17-2012 03:41 AM

Quote:

Originally Posted by cccc (Post 4807664)
According to:

http://www.ipv4security.com/packet_f..._over_ssl.html

>>> Implicit SSL allows the server to specify a different port dedicated to SSL communication (TCP-990 for ftp-control channel, TCP-989 for ftp-data in active ftp mode). Any connections made to this port require immediate negotiation of certificates and SSL, avoiding any communication in plain text whatsoever. In active mode, ftps client initiates 'control session' to port 990 of server (outbound from client), but server initiates 'data session' back (sourcing from tcp port 989) to client (inbound to client). In passive mode, client initiates both control (tcp-990) and data sessions (port range specified by server/client negotiation) to the server (both are outbound from client). <<<

Yes, but that's never used.
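
The ports discussed in this thread, collected as an added example that is not from any of the posters: a POSIX shell function that prints, without applying, the server-side inbound iptables rules for explicit FTPS (control on 21) and implicit FTPS (control on 990). The function names and the 50000-50100 passive range are assumptions; use the range your FTP daemon is configured to offer.

```shell
#!/bin/sh
# Added example (not from the thread). Prints iptables commands for review;
# nothing is applied. The passive range 50000-50100 in the sample calls is a
# constructed value.

is_port() {  # succeeds if $1 is an integer in 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# usage: ftps_inbound_rules explicit|implicit [PASV_LO PASV_HI]
ftps_inbound_rules() {
    mode=$1 lo=$2 hi=$3
    case "$mode" in
        explicit) ctrl=21  data_src=20  ;;  # TLS upgrade on the normal FTP port
        implicit) ctrl=990 data_src=989 ;;  # TLS from the first byte
        *) echo "mode must be explicit or implicit" >&2; return 2 ;;
    esac
    if [ -n "$lo$hi" ]; then
        if ! is_port "$lo" || ! is_port "$hi" || [ "$lo" -gt "$hi" ]; then
            echo "bad passive range: '$lo'-'$hi'" >&2; return 2
        fi
    fi
    echo "iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A INPUT -p tcp --dport $ctrl -m conntrack --ctstate NEW -j ACCEPT"
    if [ -n "$lo" ]; then
        # The control channel is encrypted, so the firewall's FTP helper cannot
        # read the PASV reply: the whole range has to be opened statically.
        echo "iptables -A INPUT -p tcp --dport $lo:$hi -m conntrack --ctstate NEW -j ACCEPT"
    fi
    # Active mode needs no extra inbound rule: the server dials out from
    # tcp/$data_src and the replies match ESTABLISHED above.
    echo "# active-mode data leaves from tcp/$data_src (outbound)"
}

ftps_inbound_rules explicit 50000 50100
ftps_inbound_rules implicit 50000 50100
```

Keeping the passive range narrow limits how many inbound ports stay permanently open for data connections.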

