[unisog] -- FTPS via NAT

Harry Hoffman hhoffman at ip-solutions.net
Tue Dec 18 22:18:34 GMT 2007


Hi,

We're using vsftpd to provide ftps service to our clients.

The vsftpd box sits behind a Cisco that does NAT (well, PAT really).

You can, at least in vsftpd, define the following:
ftp_data_port=989
listen_port=990
pasv_min_port=49100
pasv_max_port=49110

So, we have ports 49100 - 49110 open to the public.

We then have iptables rules that pass all traffic on these ports back to 
the vsftpd server.

I'd be happy to share configs, iptables rules if you need.

Cheers,
Harry
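
A consistency check for the setup described above, as an added example that is not part of the original post: because the FTPS control channel is encrypted, the NAT device cannot read which passive port was negotiated, so the fixed passive range in vsftpd and the forwarded range must match exactly. The iptables-save style DNAT rules, the interface name and the 10.0.0.5 server address are assumptions; the post does not show its rules.

```python
import re

# Constructed sample inputs: the vsftpd settings quoted in the post, plus
# assumed iptables-save DNAT rules (address and interface are made up).
VSFTPD_CONF = """\
ftp_data_port=989
listen_port=990
pasv_min_port=49100
pasv_max_port=49110
"""
NAT_RULES = """\
-A PREROUTING -i eth0 -p tcp -m tcp --dport 990 -j DNAT --to-destination 10.0.0.5
-A PREROUTING -i eth0 -p tcp -m tcp --dport 49100:49110 -j DNAT --to-destination 10.0.0.5
"""

def parse_conf(text):
    """Parse vsftpd.conf key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def forwarded_ports(rules, server_ip):
    """Collect the TCP ports that DNAT rules send to server_ip."""
    ports = set()
    pattern = re.compile(
        r"-p tcp\b.*--dport (\d+)(?::(\d+))?.*-j DNAT --to-destination (\S+)")
    for line in rules.splitlines():
        m = pattern.search(line)
        if m and m.group(3).split(":")[0] == server_ip:
            low = int(m.group(1))
            high = int(m.group(2) or low)
            ports.update(range(low, high + 1))
    return ports

def audit(conf_text, rules, server_ip):
    """Return (ports vsftpd needs but NAT omits, ports NAT exposes needlessly)."""
    conf = parse_conf(conf_text)
    needed = {int(conf["listen_port"])}
    needed.update(range(int(conf["pasv_min_port"]), int(conf["pasv_max_port"]) + 1))
    forwarded = forwarded_ports(rules, server_ip)
    return sorted(needed - forwarded), sorted(forwarded - needed)

if __name__ == "__main__":
    missing, extra = audit(VSFTPD_CONF, NAT_RULES, "10.0.0.5")
    print("not forwarded:", missing, "| forwarded but unused:", extra)
```

A non-empty first list means passive data connections will fail on those ports; a non-empty second list means the firewall exposes ports vsftpd never uses.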

Christoph Sprongl wrote:
> Hi,
> 
> we are in the situation to provide ftps (not scp or other encrypted way)
> behind several firewalls for internet users.
> 
> Does someone have experience with that? - or are there any tools out there for
> unix/linux-server?
> 
> cheers,
> ch