Cisco Support Community
Silver

Passive FTP assistance

Linux_FTP_Server---(i)Pix(o)----Linux_FTP_Client

Pix is running version 7.2(2)

FTP_Server: 192.168.1.2/24

Pix inside: 192.168.1.1/24

Pix outside: 1.1.1.1/24

FTP_client: 1.1.1.10/24

static (inside,outside) 1.1.1.2 192.168.1.2 netmask 255.255.255.255

access-list External permit icmp any host 1.1.1.2 log

access-list External permit tcp any host 1.1.1.2 eq 21 log

access-group External in interface outside

Is it possible to allow ONLY passive FTP through the firewall? In other words, FTP_client can only do passive ftp with the server. Active FTP will be rejected by the firewall.

If it is possible, how does one go about doing it?

Thanks.

3 REPLIES
Silver

Re: Passive FTP assistance

Anyone know the work-around on the firewall for this? Thanks.

New Member

Re: Passive FTP assistance

If you remove the FTP inspection and open access to your server on ports 21 and 20... it might prevent passive FTP.

--Gavin Budd

Silver

Re: Passive FTP assistance

Have you tried it and confirmed that it works for you?

CCIE Security
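
To make concrete what a firewall has to tell apart for the question asked in this thread, here is an added example (not from any post in the thread and not Cisco code) that classifies client commands on the FTP control channel: PORT/EPRT request active mode, PASV/EPSV request passive mode. The sample session is constructed, using the client address 1.1.1.10 from the original post, and all function names are hypothetical.

```python
"""Classify FTP control-channel commands as active or passive (added example)."""

PASSIVE_VERBS = {"PASV", "EPSV"}  # client asks the server to listen

def decode_port_arg(arg):
    """RFC 959 PORT argument 'h1,h2,h3,h4,p1,p2' -> (ip, port)."""
    parts = arg.strip().split(",")
    if len(parts) != 6 or not all(p.isdecimal() and int(p) <= 255 for p in parts):
        raise ValueError("malformed PORT argument: %r" % arg)
    nums = [int(p) for p in parts]
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def decode_eprt_arg(arg):
    """RFC 2428 EPRT argument '<d>proto<d>addr<d>port<d>' -> (addr, port)."""
    arg = arg.strip()
    fields = arg.split(arg[0]) if arg else []
    # '|1|1.1.1.10|50001|' splits into ['', '1', '1.1.1.10', '50001', '']
    if len(fields) != 5 or not fields[3].isdecimal() or int(fields[3]) > 65535:
        raise ValueError("malformed EPRT argument: %r" % arg)
    return fields[2], int(fields[3])

def classify(line):
    """Return (mode, endpoint) for one client command line."""
    verb, _, arg = line.strip().partition(" ")
    verb = verb.upper()
    if verb == "PORT":
        return "active", decode_port_arg(arg)
    if verb == "EPRT":
        return "active", decode_eprt_arg(arg)
    if verb in PASSIVE_VERBS:
        return "passive", None
    return "other", None

def passive_only_verdicts(lines):
    """Passive-only policy: deny active-mode requests and malformed ones."""
    verdicts = []
    for line in lines:
        try:
            mode, endpoint = classify(line)
        except ValueError:
            mode, endpoint = "malformed", None
        verdict = "deny" if mode in ("active", "malformed") else "permit"
        verdicts.append((line, verdict, endpoint))
    return verdicts

# Constructed sample session; 1.1.1.10 is the client address from the original post.
SAMPLE = ["USER anonymous", "PASV", "LIST", "PORT 1,1,1,10,195,81",
          "EPRT |1|1.1.1.10|50001|", "PORT 1,1,1,10,999,1", "QUIT"]

if __name__ == "__main__":
    for line, verdict, endpoint in passive_only_verdicts(SAMPLE):
        print("%-6s %-28s %s" % (verdict, line, endpoint or ""))
```

A device can only apply this kind of check when it sees the control channel in cleartext.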
