Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
310
Views
0
Helpful
1
Replies

FTP fixup in reverse?

jkell
Level 1
Level 1

‎05-18-2006 12:35 PM - edited ‎03-09-2019 02:58 PM

What are the configuration requirements to allow access to an inside FTP server from the outside? Does this work for passive mode?

FTP fixup handles the related connections and fixups for inside clients going to outside servers, but does it do the same for an inside server once the command path (tcp/21) connections is allowed outside-to-inside?

Active mode seems to work (inside source port 20 to outside ephemeral port) by default, but does passive mode?

Labels:
0 Helpful
1 Reply 1

fmeetz
Level 4
Level 4

‎05-24-2006 10:00 AM

To allow access to an inside FTP server from outside, you would need the following:

static translation for the IP address of the FTP server.

access-list to permit traffic from outside to inside for the port TCP/21for the FTP server

fixup protocol ftp command to ask PIX to allow the data ports that will be negociated during the connection setup.

required routing

In passive mode, both control and data channels are initiated by the FTP client.

0 Helpful
Customers Also Viewed These Support Documents