[CentOS] FirewallD and FTP passive mode

James Hogarth

james.hogarth at gmail.com
Thu May 5 19:18:10 UTC 2016


On 5 May 2016 4:54 p.m., "Gordon Messmer" <gordon.messmer at gmail.com> wrote:
>
> On 05/05/2016 06:15 AM, Marcin Trendota wrote:
>>
>> Also this IP looks weird - shouldn't it be public IP?
>
> Yes, it should.  Are you using FTPS (FTP with TLS)?
>
> You probably need to set the pasv_address option.
>

Although, of course, FTPS (FTP over SSL) breaks the snooping required for the
related conntracking, which makes firewall configuration hell.

Do yourself a favour and drop FTP, switching over to SFTP instead as that's
far easier to secure and you only have to care about the single TCP port
for firewalls.
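
A client-side check for the symptom discussed in this thread, added here as an example and not part of the original messages: it parses the 227 passive-mode reply, which is the line a connection-tracking helper has to read from the cleartext control channel, and flags a reply that advertises a private address. The function names and the sample replies are constructed for illustration.

```python
import ipaddress
import re

# The (h1,h2,h3,h4,p1,p2) tuple of an RFC 959 "227" reply.
PASV_RE = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Ranges a client on the Internet cannot reach (RFC 1918, loopback, link-local).
UNREACHABLE = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]


def parse_pasv_reply(line):
    """Return (ip, port) advertised in a 227 reply, or None for any other line."""
    if not line.startswith("227"):
        return None
    m = PASV_RE.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # The data port is sent as two bytes: high byte first, then low byte.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def check_pasv_reply(line, control_ip):
    """Classify a 227 reply received over a control connection to control_ip."""
    parsed = parse_pasv_reply(line)
    if parsed is None:
        return "not-a-pasv-reply"
    ip, port = parsed
    addr = ipaddress.ip_address(ip)
    if any(addr in net for net in UNREACHABLE):
        return f"non-public address advertised: {ip}:{port}"
    if addr != ipaddress.ip_address(control_ip):
        return f"differs from control connection: {ip}:{port}"
    return f"ok: {ip}:{port}"


if __name__ == "__main__":
    # Constructed sample replies (RFC 1918 and documentation addresses).
    samples = [
        "227 Entering Passive Mode (192,168,1,10,195,80).",
        "227 Entering Passive Mode (203,0,113,5,195,80).",
        "230 Login successful.",
    ]
    for s in samples:
        print(check_pasv_reply(s, "203.0.113.5"), "<-", s)
```

Under FTPS this reply is encrypted on the wire, so the firewall cannot read it and the server has to advertise the correct address itself (the pasv_address option mentioned above).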


