[unisog] -- FTPS via NAT

Christoph Sprongl ch at it-austria.net
Wed Dec 19 07:37:05 GMT 2007


Hi,

thx Harry for your reply and hint!

Some questions came up in my mind..
1) other gpl-sw for managing data with ftps
(I know webdav would be a good option, but the problem is the need of this
stupid ftps protocol *arg*)
2) instead of PAT, do I really want to open the firewalls with a specific
high port range?
3) creative ideas from the list..

thanks for any input.

cheers,
christoph

> Hi,
>
> We're using vsftpd to provide ftps service to our clients.
>
> The vsftpd box sits behind a Cisco that does NAT (well, PAT really).
>
> You can, at least in vsftpd, define the following:
> ftp_data_port=989
> listen_port=990
> pasv_min_port=49100
> pasv_max_port=49110
>
> So, we have ports 49100 - 49110 open to the public.
>
> We then have iptables rules that pass all traffic on these ports back to
> the vsftpd server.
>
> I'd be happy to share configs, iptables rules if you need.
>
> Cheers,
> Harry
>
> Christoph Sprongl wrote:
>> Hi,
>>
>> we are in the situation to provide ftps (not scp or other encrypted way)
>> behind several firewalls for internet users.
>>
>> Does someone have experience with that? - or are there any tools out there
>> for unix/linux-server?
>>
>> cheers,
>> ch
>
>
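As an added example (not part of the original thread or either poster's configuration): a small Python check that the passive port range pinned in vsftpd.conf is exactly what the NAT gateway forwards, which matters for FTPS because the encrypted control channel keeps a NAT helper from reading PASV replies and opening data ports on demand. The iptables-save lines, the addresses and the function names are constructed assumptions; only the four vsftpd settings come from the thread.

```python
import re

# Settings quoted in the thread (vsftpd.conf syntax: key=value, no spaces).
VSFTPD_CONF = """\
ftp_data_port=989
listen_port=990
pasv_min_port=49100
pasv_max_port=49110
"""

# Constructed iptables-save excerpt from a hypothetical NAT gateway
# (documentation addresses); it forwards only part of the passive range.
IPTABLES_SAVE = """\
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 990 -j DNAT --to-destination 192.0.2.20
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 49100:49105 -j DNAT --to-destination 192.0.2.20
"""

def parse_vsftpd(text):
    """Return vsftpd.conf settings as a dict, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key] = value
    return conf

def required_inbound(conf):
    """Control port plus passive range. ftp_data_port is the source port of
    active-mode connections the server makes, so it needs no inbound forward."""
    lo, hi = int(conf.get("pasv_min_port", 0)), int(conf.get("pasv_max_port", 0))
    if lo == 0 or hi < lo:
        raise ValueError("passive range is not pinned; any high port may be used")
    return {int(conf.get("listen_port", 21))} | set(range(lo, hi + 1))

def forwarded(rules):
    """Collect TCP destination ports covered by DNAT rules."""
    ports = set()
    for line in rules.splitlines():
        m = re.search(r"--dport (\d+)(?::(\d+))?", line)
        if m and "-j DNAT" in line:
            first, last = int(m.group(1)), int(m.group(2) or m.group(1))
            ports.update(range(first, last + 1))
    return ports

def audit(conf_text, rules_text):
    """Return (ports vsftpd needs but the gateway drops, ports exposed needlessly)."""
    need, have = required_inbound(parse_vsftpd(conf_text)), forwarded(rules_text)
    return sorted(need - have), sorted(have - need)
```
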



