  #1  
Old 1st Jan 02, 08:04 PM
Camino
Junior Member
 
Join Date: Jul 2001
Posts: 21
Need some advice guys...
How must I set my firewall security rules for my FTP server?
Need this info very badly, I have a strong feeling that the security for now is a BIG joke!

The port value of this server is set to 27015.
I use Norton Internet Security 4.0 and Neowatch 2.4.

Here are some rules that I must set and I haven't a clue what this all means

1. Connections
connection to other computers (outbound)
connection from other computers (inbound)
connection to and from other computers (inbound & outbound)

2. Communications
- Protocols to permit?
TCP
UDP
TCP & UDP

- Communications or ports permit?
all ports, local and remote
only the types of communication or port listed below


And to be honest, I don't know how I must set these port settings. When I fill in the port value 27015 here, the firewall still blocks some activity (on remote port 1356 1357 ....).

Need some input please, TIA
  #2  
Old 2nd Jan 02, 01:09 AM
unicorn
Senior Member
 
Join Date: Oct 2001
Location: GMT+1
Posts: 851
Camino: I don't know anything about how to config the Norton firewall, but I can put some basic thoughts here:
If you run an FTP server on a nonstandard port, then you have actively told the server to listen on that port. Thus the firewall should admit traffic for the server application and this port. Duh. The trickier part is that the server needs one more port. If you run it on port 27015, that is the port it is listening on, waiting for people to connect. The data port should be port x-1, in this case 27014. If you config the server not to allow PASV port, these are the only ports the server needs to work. The protocol is TCP/IP.
Then there are different ways to increase the security. If you run your server for a few well-known users, you can config it to allow communication only with those. This is set up in two different ways, where the first one of course is by username/password, and the other one is allowing connections only from these people's IP numbers. Depending on which server and which firewall, there might be possibilities to block other IP numbers, either by configuring the server or the firewall.
When you mention connections on other ports, this might be because you allow PASV mode - then the server tells each user at each connection (or event, like dir-listing, retrieving, uploading and so on) to use a specific port. Then you have to config the firewall in accordance with this: allow the server to use any port, or the ports in the interval that you tell the server to keep PASV mode connections inside (e.g. 1400-1500).
Hope this helps somewhat.

.unicorn
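
Added example, not part of the original thread: a Python sketch of the rule set described in the reply above (control port 27015, data port 27014, and the example PASV interval 1400-1500), plus a check of the data ports a server announces in its `227` passive-mode replies against that interval. The reply lines and the address 192.168.0.10 are constructed, and the function names are hypothetical.

```python
import re

CONTROL_PORT = 27015        # control port from the thread
PASV_RANGE = (1400, 1500)   # example passive interval from the reply above

# Constructed sample 227 replies (the server address 192.168.0.10 is made up).
SAMPLE_REPLIES = [
    "227 Entering Passive Mode (192,168,0,10,5,120)",
    "227 Entering Passive Mode (192,168,0,10,5,76)",
    "227 Entering Passive Mode (192,168,0,10,5,220)",
]

# Standard FTP reply format: 227 text (h1,h2,h3,h4,p1,p2)
_PASV = re.compile(r"^227 [^(]*\((\d{1,3}(?:,\d{1,3}){5})\)")

def parse_pasv_reply(line):
    """Return (ip, port) announced in a 227 reply; port = p1 * 256 + p2."""
    m = _PASV.match(line.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply: %r" % line)
    nums = [int(n) for n in m.group(1).split(",")]
    if max(nums) > 255:
        raise ValueError("field above 255 in %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def firewall_rules(control_port, pasv_range=None):
    """Rules as (direction, protocol, first_local_port, last_local_port)."""
    rules = [
        ("inbound", "TCP", control_port, control_port),           # clients connect here
        ("outbound", "TCP", control_port - 1, control_port - 1),  # active-mode data port (x-1)
    ]
    if pasv_range is not None:
        # Passive mode: clients open the data connection to a port the server picks.
        rules.append(("inbound", "TCP", pasv_range[0], pasv_range[1]))
    return rules

def ports_outside_range(replies, pasv_range):
    """Data ports the server announced that the passive rule would not admit."""
    low, high = pasv_range
    ports = [parse_pasv_reply(r)[1] for r in replies]
    return [p for p in ports if not low <= p <= high]

if __name__ == "__main__":
    for rule in firewall_rules(CONTROL_PORT, PASV_RANGE):
        print(rule)
    print("outside range:", ports_outside_range(SAMPLE_REPLIES, PASV_RANGE))
```

An empty result from `ports_outside_range` means the server is keeping its passive data ports inside the interval the firewall rule admits.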
  #3  
Old 2nd Jan 02, 11:57 AM
Camino
Junior Member
 
Join Date: Jul 2001
Posts: 21
THX .unicorn for explaining this all to me. Must say, after reading this info, it's clearer to me.
For now I can say I understand some of the basics of what I must do to get better security.

Have a nice day m8
  #4  
Old 2nd Jan 02, 04:06 PM
unicorn
Senior Member
 
Join Date: Oct 2001
Location: GMT+1
Posts: 851
You do understand after reading this? That's good. Sometimes I'm ashamed of my English. A lot of the stuff I write seems hard to understand, also to myself ...lol
You are welcome, get back here if new questions arise.
  #5  
Old 2nd Jan 02, 08:30 PM
Camino
Junior Member
 
Join Date: Jul 2001
Posts: 21
Thx .unicorn I will gladly accept your offer. If I encounter some other problems regarding this subject, I will give you a PM.

THX m8.

BTW Your English isn't so bad at all, so don't feel bad about it OK!