- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: FTP server
Categories
Company
Local Language
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Community
Resources
Forums
Blogs
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 08:47 AM
09-04-2003 08:47 AM
FTP server
I am in Customer place.
They have a FTP server for some specific need, which is placed here out of the firewall.
Few known users are placing files in FTP server, which is then getting picked up by a application which is inside firewall.
I want to know, if the ftp server can be placed inside firewall, which will be more secure too. I am in mood of suggesting to customer, can someone please confirm my views. Please answer the query.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 08:53 AM
09-04-2003 08:53 AM
Re: FTP server
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 08:54 AM
09-04-2003 08:54 AM
Re: FTP server
If it is on your side of the firewall, you will have to open your customers machines to the outside world. If it stays where it is, you can use rules that only allow you to get information from the ftp server.
The rule is, pulls are OK, pushes are not.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 09:03 AM
09-04-2003 09:03 AM
Re: FTP server
How U have been ? :-)
To answer your query
Yes no big deal to place a FTP server inside the firewall. Couple of things
1) FTP uses two ports. 20 for data and 21 for control. Port 21 is used for commands and 20 for transferring the data.
So you need to enable these ports in ur firewall
2) Also your ftp client can use the ftp service in the active/passive mode. Active mode is by default. In active mode, u need to enable outgoing connection from ur ftp server on port 20 on an already established connection. In passive mode port 20 is not used at all. For the FTP to work properly it is necessary that the firewall is a connection/state-aware. All the modern day firewalls are connection/state aware
3) one more problem with the FTP inside the firewall is, if the client is transferring huge chunk of data say more than 600MB. In this case the port 20 (data port) will be active transferring the data but port 21 (control port) will be inactive since there are no commands transferred to/from. So the firewall will close the port 21 after certain amount of predefined timeout period. Once the data is transferred the client connection will be abruptly closed by the server since the control port is already closed.
Let me know of any questions
Sundar.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 09:17 AM
09-04-2003 09:17 AM
Re: FTP server
If you want the ftp server accessible to the public and don't have the infrastructure and money to set up a dmz, here is how it can be done.
Make the (I assume HP-UX) ftp server the firewall. It can provide NAT to the internal network if you wish, or at the very least IP filter firewall running on the box will limit the exploit opportunities from failures in the FTP server.
If you have the bucks, you can do the dmz thing. You can even program both firewalls to forward all traffic in both directions to and from a server in the normal server zone.
With ftp in a chroot jail, the chances of security issues are pretty low. If you don't mind the fact that ftp does passwords in clear text.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2003 12:23 AM
09-05-2003 12:23 AM
Re: FTP server
Thanks to all, Clay, Mark, Sundar and Steven.
I am pleased with the answers from all.
Answer from Mark suits my query 100%
And Sundar, thanks for your reply in detail.
Mark has also helped out nicely..and Steven too.
I want to know where can I found information on DMZ and also about firewall setup.
Best regards
Prashant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2003 08:36 AM
09-05-2003 08:36 AM
Re: FTP server
Kya re, you dont beleive in assigning points or what ?.