httpd-dev mailing list archives

From Chuck Murcko <ch...@topsail.org>
Subject Re: mod_proxy/2770: FTP proxy over firewall fails (fwd)
Date Mon, 03 Aug 1998 17:47:44 GMT
Yep. The firewall has to support either active or passive FTP, and the
associated ports. Trouble is, lots of people seem to think closing off
all the high-numbered ports is a security win.

PASV is tried first, because it's safer to establish two outbound
connects than to allow an inbound one, perhaps into your internal net.

The proxy should try to establish an active connect if the data connect
for PASV fails.

Marc Slemko wrote:
> 
> Erm... I would suggest that they just shouldn't do that and that their
> firewall config is broken.  Even when things are changed to do what they
> suggest, they say it doesn't work right so I'm not sure the sense of
> changing them.
> 
> Either the proxy has to be able to open a connection to the server for the
> data transfer or the server has to be able to open a connection to the
> proxy.  Period.
> 
-- 
chuck
Chuck Murcko            The Topsail Group             West Chester PA
USA
chuck@topsail.org
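
The PASV-first, active-fallback order described in the message above, as an added example that is not part of the original post and is not mod_proxy's code. The function names, the injectable `connect` parameter and the sample 227 reply are assumptions made for illustration.

```python
import re
import socket

# Constructed sample reply (documentation address, not from the original thread).
SAMPLE_227 = "227 Entering Passive Mode (192,0,2,10,195,80)"
PASV_RE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_pasv_reply(line):
    """Return (host, port) from a '227 ... (h1,h2,h3,h4,p1,p2)' reply."""
    if not line.startswith("227"):
        raise ValueError("not a 227 reply: %r" % line)
    m = PASV_RE.search(line)
    if not m:
        raise ValueError("no address in 227 reply: %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range: %r" % line)
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def port_command(host, port):
    """Build the PORT command telling the server where to connect back."""
    return "PORT %s,%d,%d" % (host.replace(".", ","), port >> 8, port & 0xFF)

def open_data_channel(pasv_reply, local_ip, connect=socket.create_connection,
                      timeout=5.0):
    """Hypothetical helper: try PASV first, fall back to active mode.

    Passive: the proxy makes a second OUTBOUND connect to the server's port.
    Active:  the proxy listens and the server makes an INBOUND connect.
    Returns ("passive", connected_socket, None)
         or ("active", listening_socket, port_command_to_send).
    """
    host, port = parse_pasv_reply(pasv_reply)
    try:
        return "passive", connect((host, port), timeout), None
    except OSError:
        pass  # e.g. the firewall blocks outbound connects to high ports
    lsock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    lsock.bind((local_ip, 0))  # kernel picks an ephemeral, high-numbered port
    lsock.listen(1)
    return "active", lsock, port_command(local_ip, lsock.getsockname()[1])
```

If the firewall blocks both the outbound high-port connect and the inbound connect to the listening port, neither branch can carry data, which is the situation the thread describes.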
