> Hi,
> I'm trying to get ftp working from behind a pf firewall. I'm using
> pftpx on FreeBSD 6.2 for this. I believe I have passive working, one of my
> Windows boxes goes passive and dies on active.

Command line FTP client in Windows is active only.

> I've got three questions. First,
> portupgrade uses fetch for retrieval correct, if so I want it to use
> the -p (passive option) by default whenever it tries an ftp url.

gw2:~ # set | grep -i ftp
FTP_PASSIVE_MODE=1

> Second, ncftp I'd like to specify that it should use passive mode connections
> by default as well.

gw2:~ # grep -i passive .ncftp/prefs_v3
passive=on

> Last, is active or passive ftp better in terms of security
> strictly from a firewall perspective, I know the protocol isn't secure?

Passive is less of a PITA, (that's not saying much). One doesn't have to handle ingress traffic initiated from the server. However one either has to leave high ports open or use a L7 proxy to dynamically open the firewall for each request, hence pftpx.

> If active ftp is better than passive does anyone have a ruleset with it?
> I'm using a block by default ruleset.

I haven't used active FTP for years TBH. I have had serious arguments with vendors and suppliers who tried to insist on its use through environments I have had responsibility for.

Greg

> Thanks.
> Dave.
>
> _______________________________________________
> freebsd-pf@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-pf
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
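
Added example (not part of the original thread and not pftpx's own code): a sketch of the decision an L7 FTP proxy makes when it "dynamically opens the firewall for each request", as the reply above puts it. It reads the PORT command or 227 reply from the control channel and allows exactly one data flow, refusing privileged ports and addresses that are not the control-connection peer. The function names and sample addresses are hypothetical, and NAT address rewriting is left out.

```python
import ipaddress
import re

# Six comma-separated bytes h1,h2,h3,h4,p1,p2 (RFC 959 PORT argument / 227 reply).
_HOSTPORT = re.compile(r"(?<![\d,])" + r",".join([r"(\d{1,3})"] * 6) + r"(?![\d,])")


def parse_hostport(line):
    """Return (verb, ip, port) for a PORT command or 227 reply, else None."""
    verb = line.strip().split(" ", 1)[0].upper()
    match = _HOSTPORT.search(line)
    if verb not in ("PORT", "227") or match is None:
        return None
    nums = [int(n) for n in match.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return verb, ip, nums[4] * 256 + nums[5]


def data_rule(line, client_ip, server_ip):
    """Return the one (src, dst, dst_port) flow to allow, or None to refuse."""
    parsed = parse_hostport(line)
    if parsed is None:
        return None
    verb, ip, port = parsed
    if port < 1024:  # never open a hole towards a privileged port
        return None
    client = ipaddress.IPv4Address(client_ip)
    server = ipaddress.IPv4Address(server_ip)
    if verb == "PORT":
        # Active mode: the server connects back to the client, so this is
        # ingress traffic. Refuse addresses other than the control peer.
        return (str(server), str(client), port) if ip == client else None
    # Passive mode: the client connects out to the port the server announced.
    return (str(client), str(server), port) if ip == server else None


# Constructed sample control-channel lines (documentation addresses).
if __name__ == "__main__":
    for sample in ("PORT 10,0,0,5,19,137",
                   "227 Entering Passive Mode (192,0,2,10,195,80)",
                   "PORT 10,0,0,99,19,137"):
        print(sample, "->", data_rule(sample, "10.0.0.5", "192.0.2.10"))
```

With a block-by-default ruleset, only the active-mode result needs an inbound rule, which is the ingress handling the reply says passive mode avoids.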