Posted by Alexander Dalloz on January 15, 2007, 4:46 am
On Sun, 14 Jan 2007 13:35:18 +0000 Marcus Mender wrote:
> I have to set up an ftp server and would like to enable TLS.
>
> I have to configure the firewall as well.
>
> Is there a different standard port for TLS (for ftp it's 21)?
No
> Maybe it's a pair of ports similar to the standard ftp: 21 + 22
Ports are 20 and 21 if you are speaking about active FTP [1].
> One port for data and one port for protocol negotiations?
Yes
> Is there a difference if I use "implicit" or "explicit" TLS mode?
Yes, see http://en.wikipedia.org/wiki/FTPS:
"Implicit FTPS is an older, but still widely implemented style in which
the client connects to a different port (usually 990), and an SSL
handshake is performed before any FTP commands are sent."
> Marcus
Basically the same decisions regarding firewalling (active and/or passive
FTP) apply to the situation when using TLS-secured FTP. But in addition,
if your firewall is doing NAT as well, there is a rather big chance that
FTP connections with TLS security will fail.
http://www.ford-hutchinson.com/~fh-1-pfh/ftps-ext.html
Alexander
[1] http://slacksite.com/other/ftp.html
--
Alexander Dalloz | Löhne, Germany | GPG http://pgp.mit.edu 0xB366A773
legal statement: http://www.uni-x.org/legal.html Fedora Core 2 GNU/Linux on Athlon with kernel 2.6.11-1.35_FC2smp
Serendipity 10:36:33 up 1 day, 12:03, load average: 0.22, 0.24, 0.19
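
Added example, not part of the original post: a Python check of the passive-mode reply an FTPS client receives, showing the NAT failure mentioned above. Once the control channel is encrypted, a NAT device can no longer read or rewrite the address inside a 227 reply, so the client may be handed the server's internal address. The replies and addresses are constructed, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed replies, as the client sees them after decrypting the control channel.
PASV_REPLY = "227 Entering Passive Mode (192,168,1,10,195,80)"
EPSV_REPLY = "229 Entering Extended Passive Mode (|||50000|)"
CONTROL_PEER = "203.0.113.5"  # constructed: address the client dialled on port 21

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
_PASV = re.compile(r"\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
_EPSV = re.compile(r"\(\|\|\|(\d{1,5})\|\)")


def data_endpoint(reply, control_peer):
    """Return the (ip, port) the client will connect to for the data channel."""
    if reply.startswith("227"):
        m = _PASV.search(reply)
        if not m:
            raise ValueError("malformed 227 reply")
        nums = [int(x) for x in m.groups()]
        if max(nums) > 255:
            raise ValueError("field out of range in 227 reply")
        # h1,h2,h3,h4 is the address; p1,p2 encode the port as p1*256 + p2.
        return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]
    if reply.startswith("229"):
        m = _EPSV.search(reply)
        if not m or not 0 < int(m.group(1)) < 65536:
            raise ValueError("malformed 229 reply")
        # EPSV (RFC 2428) carries only a port; the address is the control peer.
        return control_peer, int(m.group(1))
    raise ValueError("not a passive-mode reply")


def unrewritten_private_address(reply, control_peer):
    """True if the reply points at an RFC 1918 address other than the control peer."""
    ip, _ = data_endpoint(reply, control_peer)
    addr = ipaddress.ip_address(ip)
    return ip != control_peer and any(addr in net for net in RFC1918)


if __name__ == "__main__":
    for reply in (PASV_REPLY, EPSV_REPLY):
        print(reply, "->", data_endpoint(reply, CONTROL_PEER),
              "broken by NAT:", unrewritten_private_address(reply, CONTROL_PEER))
```

The 229 case shows why a reply that carries only a port is not affected by the missing address rewrite; the firewall still has to allow the server's passive port range.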