@SerpentFly wrote:
With the FW on 3rd level security if I permit 21/TCP out and I block all the other outgoing traffic passive ftp doesn’t work.
FTP active mode uses two TCP sessions, one on server port 21 is a control channel and another data channel on server port 20. Control channel is established by client and data channel is established by server as a response on PORT command.
In passive mode both control and data channels are established by client. Data channel uses arbitrary ports >1024 on both server and client sides. In you case blocking all outgoig connections except port 21 does not allow client to establish data channel and FTP in passive mode does not work.
Dear SerpentFly
first of all I excuse for I’m late on answering you, I was busy with university: my porfessor Federico Simonetti of University of Milan says hello to you 🙂
What I’d like to ask you is: is there any way to make NetFW look at the PORT command in the control connection on 21 TCP port to automatically open the port the server wants to use to transfer data? As an example, Netfilter/IpTables can do it, and other commercial firewalls as well.
Thank you so much for your attention
Andrea