BetaONE will rise again!

FTP Help: Firewall settings for FTP server

Camino 1st Jan 02 08:04 PM

Need some advice guys...
How must I set my firewall security rules for my FTP server?
Need this nfo very badly, I have a strong feeling that the security for now is a BIG joke! :o

The port value of this server is set to 27015
I use Norton Internet Security 4.0 and Neowatch 2.4

Here are some rules that I must set and I haven't a clue what this all means

1. Connections
connection to other computers (outbound)
connection from other computers (inbound)
connection to and from other computers (inbound & outbound)

2. Communications
- Protocols to permit?
TCP
UDP
TCP & UDP

- Communications or ports permit?
all ports,local and remote
only the types of communication or port listed below


And to be honest, I don't know how I must set these port settings. When I fill in the port value 27015 here, the firewall still blocks some activity (on remote port 1356 1357 ....). :confused:

Need some input please, TIA

unicorn 2nd Jan 02 01:09 AM

Camino: I don't know anything about how to config Norton firewall, but I can put some basic thoughts here:
If you run an FTP server at a nonstandard port then you have actively told the server to listen on that port. Thus the firewall should admit traffic for the server application and this port. Duh. The more tricky part is that the server needs one more port. If you run it at port 27015 that is the port it is listening at, waiting for ppl to connect. The data port should be port x-1, in this case 27014. If you config the server not to allow PASV mode, these are the only ports the server needs to work. The protocol is TCP/IP.
Then there are different ways to increase the security. If you run your server for a few well-known users you can config it only to allow communication with those. This is set up in two different ways, where the first one of course is by username/password, and the other one is only allowing connections from these ppl's IP numbers. Depending on what server and what firewall, there might be possibilities to block other IP numbers either by configuring the server or the firewall.
When you mention connections on other ports this might be because you allow PASV mode - then the server tells each user at each connection (or event, like dir-listing, retrieving, uploading and so on) to use a specific port. Then you have to config the firewall in accordance with this: admit the server to use any port, or ports in the interval that you tell the server to keep PASV mode connections inside (e.g. 1400-1500).
Hope this helps somewhat.

.unicorn
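
Added example, not part of either poster's messages: a Python sketch of the port arithmetic described in the reply above. It derives the TCP rules for control port 27015, decodes the data port announced in a `227` (PASV) reply or a `PORT` command, and checks passive ports against the 1400-1500 interval. The function names and the sample lines are constructed for illustration, and the "control port minus one" data port follows the reply's description.

```python
import re

CONTROL_PORT = 27015       # listening port from the thread
PASV_RANGE = (1400, 1500)  # example passive interval from the reply

_PASV = re.compile(r"^227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
_PORT = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)

def decode_endpoint(line):
    """Return (kind, ip, port) for a 227 reply or PORT command, else None."""
    for kind, rx in (("passive", _PASV), ("active", _PORT)):
        m = rx.match(line)
        if m:
            nums = [int(n) for n in m.groups()]
            if any(n > 255 for n in nums):
                return None  # malformed octet, ignore the line
            ip = ".".join(map(str, nums[:4]))
            return kind, ip, nums[4] * 256 + nums[5]  # port = p1*256 + p2
    return None

def firewall_rules(control_port=CONTROL_PORT, pasv_range=PASV_RANGE):
    """TCP rules for the server's firewall: (direction, first, last local port)."""
    rules = [("inbound", control_port, control_port),           # control channel
             ("outbound", control_port - 1, control_port - 1)]  # active-mode data
    if pasv_range:  # only needed when PASV is enabled on the server
        rules.append(("inbound", pasv_range[0], pasv_range[1]))
    return rules

def check_session(lines, pasv_range=PASV_RANGE):
    """Report each passive data port and whether the range rule admits it."""
    findings = []
    for line in lines:
        ep = decode_endpoint(line)
        if ep and ep[0] == "passive":
            ok = pasv_range[0] <= ep[2] <= pasv_range[1]
            findings.append((ep[2], "allowed" if ok else "blocked"))
    return findings

# Constructed control-channel lines (not captured from a real server).
SAMPLE = [
    "227 Entering Passive Mode (192,0,2,10,5,130)",  # 5*256+130 = 1410
    "PORT 198,51,100,7,5,76",                        # client data port 1356
    "227 Entering Passive Mode (192,0,2,10,5,77)",   # 5*256+77 = 1357
]

if __name__ == "__main__":
    print(firewall_rules())
    print(check_session(SAMPLE))
```

A passive port reported as "blocked" means the server's configured PASV interval and the firewall's allowed port list do not match; the two have to be set to the same range.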

Camino 2nd Jan 02 11:57 AM

THX .unicorn for explaining this all to me. Must say, after reading this nfo, it's more clear to me.
For now I can say, I understand some of the basics of what I must do for getting better security.

Have a nice day m8

unicorn 2nd Jan 02 04:06 PM

You do understand after reading this? That's good. Sometimes I'm ashamed of my English. Lot of the stuff I write seems hard to understand, also to myself ...lol
You are welcome, get back here if new questions arise.

Camino 2nd Jan 02 08:30 PM

Thx .unicorn I will gladly accept your offer. If I encounter some other problems regarding this subject, I will give you a PM.

THX m8.

BTW Your English isn't so bad at all, so don't feel bad about it OK!


All times are GMT +1.