RE: Passive FTP Examples in Practical Studies Vol. 2.

From: Michael Snyder (msnyder@revolutioncomputer.com)
Date: Thu Feb 26 2004 - 21:38:00 GMT-3


Thought the data channel and the command channel were the same with
passive ftp.

Going to the ftp server,

access-list 102 permit tcp host 1.1.1.1 gt 1023 host 2.2.2.2 eq ftp

Coming from the ftp server

access-list 102 permit tcp host 2.2.2.2 eq ftp host 1.1.1.1 gt 1023

My best guess.

-----Original Message-----
From: William Chen [mailto:kwchen@netvigator.com]
Sent: Thursday, February 26, 2004 6:14 PM
To: ccielab@groupstudy.com
Subject: Passive FTP Examples in Practical Studies Vol. 2.

Dear all,

   In all the examples of passive FTP in the book Practical Studies
Vol. 2, it states that to match the passive FTP traffic by ACL to a
server, the ACL should be:

   1. permit ip tcp any host x.x.x.x ftp
   2. permit ip tcp any host x.x.x.x gt 1023 established

    I wonder why established is used in statement 2, since in passive
FTP, the data channel should be initiated by the client to the server
at a port greater than 1023.

Best Regards,
William Chen
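
Added example, not part of either message or of the book: a small first-match ACL evaluator run over the client-to-server packets of a passive FTP session, where the data connection goes to the port the server announces in its 227 reply and `established` matches only segments with ACK or RST set. Assumptions: both ACLs filter client-to-server traffic (the thread does not say where they are applied), x.x.x.x is taken as 2.2.2.2, the book's entries are read as `eq ftp` and `gt 1023 established` on the destination port, and the 227 reply and client source ports are constructed.

```python
import re
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport flags")
# One ACL entry: port specs are None (any) or (op, n) with op "eq" or "gt".
Ace = namedtuple("Ace", "src sport dst dport established")

def pasv_port(reply):
    """Data port announced in a 227 reply: (h1,h2,h3,h4,p1,p2) -> p1*256 + p2."""
    m = re.search(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)", reply)
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    return int(m.group(5)) * 256 + int(m.group(6))

def _host(spec, addr):
    return spec == "any" or spec == addr

def _port(spec, port):
    if spec is None:
        return True
    op, n = spec
    return port == n if op == "eq" else port > n

def permits(acl, p):
    """First-match evaluation with the implicit deny at the end of the list."""
    for a in acl:
        if (_host(a.src, p.src) and _port(a.sport, p.sport)
                and _host(a.dst, p.dst) and _port(a.dport, p.dport)
                # 'established' matches only segments with ACK or RST set
                and (not a.established or {"ACK", "RST"} & p.flags)):
            return True
    return False

CLIENT, SERVER = "1.1.1.1", "2.2.2.2"                 # addresses used in the thread
REPLY = "227 Entering Passive Mode (2,2,2,2,195,80)"  # constructed sample reply
DATA_PORT = pasv_port(REPLY)                          # 195*256 + 80 = 50000

# Constructed client-to-server packets; the client source ports are made up.
PACKETS = {
    "control SYN": Packet(CLIENT, 40000, SERVER, 21, {"SYN"}),
    "data SYN": Packet(CLIENT, 40001, SERVER, DATA_PORT, {"SYN"}),
    "data ACK": Packet(CLIENT, 40001, SERVER, DATA_PORT, {"ACK"}),
}
ACLS = {
    "reply": [Ace(CLIENT, ("gt", 1023), SERVER, ("eq", 21), False)],
    "book": [Ace("any", None, SERVER, ("eq", 21), False),
             Ace("any", None, SERVER, ("gt", 1023), True)],
}

def evaluate():
    return {n: {k: permits(acl, p) for k, p in PACKETS.items()} for n, acl in ACLS.items()}

if __name__ == "__main__":
    for name, verdicts in evaluate().items():
        print(name, verdicts)
```

Under these assumptions neither list passes the data connection's opening SYN to port 50000: the entry from the reply matches only destination port 21, and the `established` entry matches the data connection's later ACK segments but not its SYN.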


