Pix firewalls and FTP - "ftp", or "ftpdata"

- T
- thefunnel
  
  Contact options for registered users
posted
16 years ago

Thu, Sep 13, 2007 3:53 PM

Hi,

I would like to allow FTP access to a host on the inside of my Pix

525. I notice I can configure an access rule (via PDM). I notice I can choose from "ftp" and "ftpdata" on the list of predefined services? Im guessing this is ports 20 and 21. Unfortunately I can only choose one at a time without creating a "service group" and adding both. This seems a bit excessive as I thought FTP would be a common service to allow inbound . Can I get away with just adding "ftp" or JUST "ftpdata"

Many thanks,

Paul

Loading thread data ...

- L
- Lutz Donnerhacke
  
  Contact options for registered users
Vote on answer
posted
16 years ago

Thu, Sep 13, 2007 4:01 PM

Only allow ftp (21/TCP). The other ports are automatically opened by the PIX using fixup ftp or inspect ftp (which is default).

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.