LinuxQuestions.org
Old 10-16-2012, 06:54 AM   #1
cccc
Senior Member
 
Registered: Sep 2003
Distribution: Debian Squeeze / Wheezy
Posts: 1,613

Rep: Reputation: 47
Firewall ports for FTPS (FTP over SSL) connection


Hi,

Which incoming firewall ports should be opened for an FTPS (FTP over SSL) connection on the server site?
 
Old 10-16-2012, 07:05 AM   #2
Basher52
Member
 
Registered: Mar 2004
Location: .SE
Distribution: Fedora
Posts: 231

Rep: Reputation: 8
As standard, 20/21, but if the FTP server is any good, you should be able to configure that into what you want.
20/21 is for an "active" connection, and if you want passive, you'll have to configure that on the server and open those ports in the firewall.

Read up here: http://www.ntchosting.com/ftp/ftp-port-connection.html

Last edited by Basher52; 10-16-2012 at 07:09 AM.
 
Old 10-16-2012, 07:09 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1965
Come on dude, we aren't a search engine... http://en.wikipedia.org/wiki/FTPS

But for the record FTPS is implemented as FTP with STARTTLS which would use the normal ports.
 
Old 10-16-2012, 07:00 PM   #4
cccc
Senior Member
 
Registered: Sep 2003
Distribution: Debian Squeeze / Wheezy
Posts: 1,613

Original Poster
Rep: Reputation: 47
According to:

http://www.ipv4security.com/packet_f..._over_ssl.html

>>> Implicit SSL allows the server to specify a different port dedicated to SSL communication (TCP-990 for ftp-control channel, TCP-989 for ftp-data in active ftp mode). Any connections made to this port require immediate negotiation of certificates and SSL, avoiding any communication in plain text whatsoever. In active mode, ftps client initiates 'control session' to port 990 of server (outbound from client), but server initiates 'data session' back (sourcing from tcp port 989) to client (inbound to client). In passive mode, client initiates both control (tcp-990) and data sessions (port range specified by server/client negotiation) to the server (both are outbound from client). <<<

Last edited by cccc; 10-16-2012 at 07:13 PM.
 
Old 10-17-2012, 02:41 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,398

Rep: Reputation: 1965
Quote:
Originally Posted by cccc
According to:

http://www.ipv4security.com/packet_f..._over_ssl.html

>>> Implicit SSL allows the server to specify a different port dedicated to SSL communication (TCP-990 for ftp-control channel, TCP-989 for ftp-data in active ftp mode). Any connections made to this port require immediate negotiation of certificates and SSL, avoiding any communication in plain text whatsoever. In active mode, ftps client initiates 'control session' to port 990 of server (outbound from client), but server initiates 'data session' back (sourcing from tcp port 989) to client (inbound to client). In passive mode, client initiates both control (tcp-990) and data sessions (port range specified by server/client negotiation) to the server (both are outbound from client). <<<
Yes, but that's never used.
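
Added example, not part of the original thread: a small shell function that prints (does not apply) server-side iptables rules for the two FTPS variants discussed above, explicit on the normal control port 21 and implicit on 990. The function name `ftps_rules` and the passive range 50000-50100 are assumptions made for illustration; the FTP server must be configured to hand out the same passive range.

```shell
#!/bin/sh
# Print iptables rules for the server side of an FTPS service.
# Because the control channel is encrypted, the kernel FTP conntrack helper
# cannot read the PASV reply, so the passive data range is opened explicitly.

ftps_rules() {
    mode=$1        # explicit (AUTH TLS on 21) or implicit (TLS from the start on 990)
    pasv_min=$2    # first passive data port (assumed value, must match the server config)
    pasv_max=$3    # last passive data port

    case $mode in
        explicit) ctrl=21 ;;
        implicit) ctrl=990 ;;
        *) echo "unknown mode: $mode" >&2; return 2 ;;
    esac

    for n in "$pasv_min" "$pasv_max"; do
        case $n in
            ''|*[!0-9]*) echo "ports must be numeric" >&2; return 2 ;;
        esac
    done
    if [ "$pasv_min" -lt 1024 ] || [ "$pasv_max" -gt 65535 ] ||
       [ "$pasv_min" -gt "$pasv_max" ]; then
        echo "invalid passive range: $pasv_min-$pasv_max" >&2
        return 2
    fi

    # Active-mode data connections leave the server from ctrl-1 (20 or 989),
    # so they need an outbound rule, not an inbound one.
    data=$((ctrl - 1))

    printf 'iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT\n'
    printf 'iptables -A INPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$ctrl"
    printf 'iptables -A INPUT -p tcp --dport %s:%s -m conntrack --ctstate NEW -j ACCEPT\n' \
        "$pasv_min" "$pasv_max"
    printf 'iptables -A OUTPUT -p tcp --sport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$data"
}

# Constructed sample call: explicit FTPS with an assumed passive range.
ftps_rules explicit 50000 50100
```

Review the printed rules before loading them; keeping the passive range narrow limits how many extra inbound ports are exposed.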
 
  


Tags
firewall, ftp over ssl, ftps, ports

