RE: Passive FTP Examples in Practical Studies Vol. 2.

From: Jonathan Hays (nomad@gfoyle.org)
Date: Mon Mar 01 2004 - 15:13:19 GMT-3


you wrote:
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
>Behalf Of David Hurtado
>Sent: Monday, March 01, 2004 11:53 AM
>To: tyson.scott@hp.com; nomad@gfoyle.org;
>kwchen@netvigator.com; ccielab@groupstudy.com
>Subject: RE: Passive FTP Examples in Practical Studies Vol. 2.
>
>
>Hello everybody,
>
>I don't think that the following inbound ACL would be correct to allow
>the communication between FTP passive client and server (supposing that
>the server is outside the interface and its IP address is X.X.X.X)
>
>1. permit tcp host x.x.x.x any ftp
>
>2. permit tcp host x.x.x.x any gt 1023 established
>
>In FTP passive mode, the client never uses port 20 nor port 21, so the
>first statement would be useless. Please tell me if I'm wrong.
>
>Thanks for the help
= = =

What exactly don't you understand? Why don't you post a step-by-step
description of your understanding of the packet flow and which ACL lines
are needed to let FTP traffic inbound via the ACL on your client?

It will help your understanding of FTP to read this document.

http://www.troubleshootingnetworks.com/ftpinfo.html
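
The inbound half of the packet flow discussed in this thread, traced through the two quoted ACL lines with first-match evaluation; this is an added example, not part of the original message. It assumes IOS extended-ACL semantics (a port operator after the destination matches the destination port, and `established` matches segments with ACK or RST set); the addresses and port numbers are constructed.

```python
from dataclasses import dataclass
from typing import Optional

SERVER, CLIENT = "192.0.2.10", "198.51.100.5"  # constructed; SERVER stands in for x.x.x.x

@dataclass(frozen=True)
class Packet:
    note: str
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset

@dataclass(frozen=True)
class Rule:
    src: str
    dport_eq: Optional[int] = None
    dport_gt: Optional[int] = None
    established: bool = False

    def matches(self, p: Packet) -> bool:
        if p.src != self.src:
            return False
        if self.dport_eq is not None and p.dport != self.dport_eq:
            return False
        if self.dport_gt is not None and p.dport <= self.dport_gt:
            return False
        # "established" matches only segments with ACK or RST set
        return not self.established or bool(p.flags & {"ACK", "RST"})

ACL = [
    Rule(SERVER, dport_eq=21),                      # 1. permit tcp host x.x.x.x any ftp
    Rule(SERVER, dport_gt=1023, established=True),  # 2. permit tcp host x.x.x.x any gt 1023 established
]

def first_match(p: Packet) -> int:
    """Return the 1-based number of the first matching line, or 0 for the implicit deny."""
    return next((n for n, r in enumerate(ACL, 1) if r.matches(p)), 0)

def f(*names: str) -> frozenset:
    return frozenset(names)

INBOUND = [  # constructed server-to-client segments as seen by the inbound ACL
    Packet("control SYN-ACK", SERVER, 21, CLIENT, 40001, f("SYN", "ACK")),
    Packet("control 227 reply", SERVER, 21, CLIENT, 40001, f("PSH", "ACK")),
    Packet("passive data SYN-ACK", SERVER, 50000, CLIENT, 40002, f("SYN", "ACK")),
    Packet("passive data segment", SERVER, 50000, CLIENT, 40002, f("ACK")),
    Packet("active-mode data SYN", SERVER, 20, CLIENT, 40003, f("SYN")),
]

def trace():
    return [(p.note, first_match(p)) for p in INBOUND]

if __name__ == "__main__":
    for note, line in trace():
        print(f"{note:22} -> {'line %d' % line if line else 'implicit deny'}")
```
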



This archive was generated by hypermail 2.1.4 : Thu Apr 01 2004 - 08:15:11 GMT-3