HPE GreenLake Administration
- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - HP-UX
- >
- Re: FTP server
Operating System - HP-UX
1836605
Members
2121
Online
110102
Solutions
Forums
Categories
Company
Local Language
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Forums
Discussions
Discussions
Discussions
Forums
Discussions
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 08:47 AM
09-04-2003 08:47 AM
FTP server
Hi,
I am in Customer place.
They have a FTP server for some specific need, which is placed here out of the firewall.
Few known users are placing files in FTP server, which is then getting picked up by a application which is inside firewall.
I want to know, if the ftp server can be placed inside firewall, which will be more secure too. I am in mood of suggesting to customer, can someone please confirm my views. Please answer the query.
I am in Customer place.
They have a FTP server for some specific need, which is placed here out of the firewall.
Few known users are placing files in FTP server, which is then getting picked up by a application which is inside firewall.
I want to know, if the ftp server can be placed inside firewall, which will be more secure too. I am in mood of suggesting to customer, can someone please confirm my views. Please answer the query.
6 REPLIES 6
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 08:53 AM
09-04-2003 08:53 AM
Re: FTP server
An FTP server will, of course, work perfectly well inside a firewall and be more secure BUT public and/or customer access to this server is thus prevented. If both customers/public and company users must access the data then the best choice is a "DMZ" - Demilitirized Zone -- in which some public/customer access is allowed.
If it ain't broke, I can fix that.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 08:54 AM
09-04-2003 08:54 AM
Re: FTP server
To be honest, it's better to leave it where it is.
If it is on your side of the firewall, you will have to open your customers machines to the outside world. If it stays where it is, you can use rules that only allow you to get information from the ftp server.
The rule is, pulls are OK, pushes are not.
If it is on your side of the firewall, you will have to open your customers machines to the outside world. If it stays where it is, you can use rules that only allow you to get information from the ftp server.
The rule is, pulls are OK, pushes are not.
Never preceed any demonstration with anything more predictive than "watch this"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 09:03 AM
09-04-2003 09:03 AM
Re: FTP server
Hi Prashant,
How U have been ? :-)
To answer your query
Yes no big deal to place a FTP server inside the firewall. Couple of things
1) FTP uses two ports. 20 for data and 21 for control. Port 21 is used for commands and 20 for transferring the data.
So you need to enable these ports in ur firewall
2) Also your ftp client can use the ftp service in the active/passive mode. Active mode is by default. In active mode, u need to enable outgoing connection from ur ftp server on port 20 on an already established connection. In passive mode port 20 is not used at all. For the FTP to work properly it is necessary that the firewall is a connection/state-aware. All the modern day firewalls are connection/state aware
3) one more problem with the FTP inside the firewall is, if the client is transferring huge chunk of data say more than 600MB. In this case the port 20 (data port) will be active transferring the data but port 21 (control port) will be inactive since there are no commands transferred to/from. So the firewall will close the port 21 after certain amount of predefined timeout period. Once the data is transferred the client connection will be abruptly closed by the server since the control port is already closed.
Let me know of any questions
Sundar.
How U have been ? :-)
To answer your query
Yes no big deal to place a FTP server inside the firewall. Couple of things
1) FTP uses two ports. 20 for data and 21 for control. Port 21 is used for commands and 20 for transferring the data.
So you need to enable these ports in ur firewall
2) Also your ftp client can use the ftp service in the active/passive mode. Active mode is by default. In active mode, u need to enable outgoing connection from ur ftp server on port 20 on an already established connection. In passive mode port 20 is not used at all. For the FTP to work properly it is necessary that the firewall is a connection/state-aware. All the modern day firewalls are connection/state aware
3) one more problem with the FTP inside the firewall is, if the client is transferring huge chunk of data say more than 600MB. In this case the port 20 (data port) will be active transferring the data but port 21 (control port) will be inactive since there are no commands transferred to/from. So the firewall will close the port 21 after certain amount of predefined timeout period. Once the data is transferred the client connection will be abruptly closed by the server since the control port is already closed.
Let me know of any questions
Sundar.
Learn What to do ,How to do and more importantly When to do ?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-04-2003 09:17 AM
09-04-2003 09:17 AM
Re: FTP server
Based on earlier replies, I have a middle of the road suggestion.
If you want the ftp server accessible to the public and don't have the infrastructure and money to set up a dmz, here is how it can be done.
Make the (I assume HP-UX) ftp server the firewall. It can provide NAT to the internal network if you wish, or at the very least IP filter firewall running on the box will limit the exploit opportunities from failures in the FTP server.
If you have the bucks, you can do the dmz thing. You can even program both firewalls to forward all traffic in both directions to and from a server in the normal server zone.
With ftp in a chroot jail, the chances of security issues are pretty low. If you don't mind the fact that ftp does passwords in clear text.
SEP
If you want the ftp server accessible to the public and don't have the infrastructure and money to set up a dmz, here is how it can be done.
Make the (I assume HP-UX) ftp server the firewall. It can provide NAT to the internal network if you wish, or at the very least IP filter firewall running on the box will limit the exploit opportunities from failures in the FTP server.
If you have the bucks, you can do the dmz thing. You can even program both firewalls to forward all traffic in both directions to and from a server in the normal server zone.
With ftp in a chroot jail, the chances of security issues are pretty low. If you don't mind the fact that ftp does passwords in clear text.
SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2003 12:23 AM
09-05-2003 12:23 AM
Re: FTP server
Hi,
Thanks to all, Clay, Mark, Sundar and Steven.
I am pleased with the answers from all.
Answer from Mark suits my query 100%
And Sundar, thanks for your reply in detail.
Mark has also helped out nicely..and Steven too.
I want to know where can I found information on DMZ and also about firewall setup.
Best regards
Prashant
Thanks to all, Clay, Mark, Sundar and Steven.
I am pleased with the answers from all.
Answer from Mark suits my query 100%
And Sundar, thanks for your reply in detail.
Mark has also helped out nicely..and Steven too.
I want to know where can I found information on DMZ and also about firewall setup.
Best regards
Prashant
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
09-05-2003 08:36 AM
09-05-2003 08:36 AM
Re: FTP server
Zanwar Shahib,
Kya re, you dont beleive in assigning points or what ?.
Kya re, you dont beleive in assigning points or what ?.
Learn What to do ,How to do and more importantly When to do ?
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
Company
Events and news
Customer resources
© Copyright 2025 Hewlett Packard Enterprise Development LP