Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
| Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
 |
GNU/Linux Basic Guide
This 255-page guide will provide you with the keys to understand the philosophy of free software, teach you how to use and handle it, and give you the tools required to move easily in the world of GNU/Linux. Many users and administrators will be taking their first steps with this GNU/Linux Basic guide and it will show you how to approach and solve the problems you encounter.
Click Here to receive this Complete Guide absolutely free. |
|
 |
10-16-2012, 06:54 AM
|
#1
|
|
Senior Member
Registered: Sep 2003
Distribution: Debian Squeeze / Wheezy
Posts: 1,542
Rep: 
|
Firewall ports for FTPS (FTP over SSL) connection
hi
Which incoming firewall ports should be opened for FTPS (FTP over SSL) connection on the server site?
|
|
|
|
|
10-16-2012, 07:05 AM
|
#2
|
|
Member
Registered: Mar 2004
Location: .SE
Distribution: Fedora
Posts: 218
Rep:
|
as standard 20/21 but is the FTP Server is any good, you should be able to configure that into what you want.
20/21 is for "active" connection and if you want passive, that you'll have to configure for the server and open those ports in the firewall.
read up here: http://www.ntchosting.com/ftp/ftp-port-connection.html
Last edited by Basher52; 10-16-2012 at 07:09 AM.
|
|
|
|
|
10-16-2012, 07:09 AM
|
#3
|
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 42,707
|
Come on dude, we aren't a search engine... http://en.wikipedia.org/wiki/FTPS
But for the record FTPS is implemented as FTP with STARTTLS which would use the normal ports. |
|
|
|
|
10-16-2012, 07:00 PM
|
#4
|
|
Senior Member
Registered: Sep 2003
Distribution: Debian Squeeze / Wheezy
Posts: 1,542
Original Poster
Rep:
|
According to:
http://www.ipv4security.com/packet_f..._over_ssl.html
>>> Implicit SSL allows the server to specify a different port dedicated to SSL communication (TCP-990 for ftp-control channel, TCP-989 for ftp-data in active ftp mode). Any connections made to this port require immediate negotiation of certificates and SSL, avoiding any communication in plain text whatsoever. In active mode, ftps client initiates 'control session' to port 990 of server (outbound from client), but server initiates 'data session' back (sourcing from tcp port 989) to client (inbound to client). In passive mode, client initiates both control (tcp-990) and data sessions (port range specified by server/client negotiation) to the server (both are outbound from client). <<<
Last edited by cccc; 10-16-2012 at 07:13 PM.
|
|
|
|
|
10-17-2012, 02:41 AM
|
#5
|
|
Moderator
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 42,707
|
Quote:
Originally Posted by cccc
According to:
http://www.ipv4security.com/packet_f..._over_ssl.html
>>> Implicit SSL allows the server to specify a different port dedicated to SSL communication (TCP-990 for ftp-control channel, TCP-989 for ftp-data in active ftp mode). Any connections made to this port require immediate negotiation of certificates and SSL, avoiding any communication in plain text whatsoever. In active mode, ftps client initiates 'control session' to port 990 of server (outbound from client), but server initiates 'data session' back (sourcing from tcp port 989) to client (inbound to client). In passive mode, client initiates both control (tcp-990) and data sessions (port range specified by server/client negotiation) to the server (both are outbound from client). <<< |
Yes, but that's never used. |
|
|
|
| Thread Tools |
Search this Thread |
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT -5. The time now is 12:58 AM.
|
|
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
|
 Latest Threads
LQ News
|
|
