Question : Which is safest, PASV or ACTIVE FTP for my Windows 2003 server?
I have an FTP setup on my Windows 2003 box and I'm at the point of configuring my router to allow certain ports. From what I read, I have to open up ports above 1023, but that doesn't sound safe at all. Which method is better, PASV or ACTIVE, and what do I have to open up on my firewall for this? I'm really nervous about opening up a bunch of ports, but still need my FTP to work from anyone on the outside, regardless of what FTP client or OS they are using.
Answer : Which is safest, PASV or ACTIVE FTP for my Windows 2003 server?
You don't have to open up ports for ACTIVE - you only have 21 open. The > 1023 port issue is the originating port from the client.

Active FTP:
    command : client >1023 -> server 21
    data    : client >1023 <- server 20

PASV FTP means you do have to open up ports > 1023 so that the client can initiate both sessions.

Passive FTP:
    command : client >1023 -> server 21
    data    : client >1023 -> server >1023

So not only is ACTIVE easier to set up - but with fewer port issues, it would be more secure. It is just harder for clients to deal with behind firewalls.
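
The two port diagrams above follow from what is sent on the control channel: in active mode the client's `PORT` command names the client port the server will connect to from port 20, and in passive mode the server's `227` reply names the server port the client will connect to. The Python below is an added example, not part of the original answer; it decodes both message forms (the `h1,h2,h3,h4,p1,p2` field defined in RFC 959) and reports who initiates the data connection and which inbound ports the server-side firewall must allow for that transfer. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(
    r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def decode_hostport(line):
    """Return (ip, port) from a PORT command or a 227 reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in: %r" % line)
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of byte range in: %r" % line)
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def data_connection(line):
    """Describe the data connection that a control-channel line sets up."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        ip, port = decode_hostport(text)
        # Active mode: the server dials out from port 20 to the client,
        # so only the control port has to accept inbound connections.
        return {"mode": "active", "initiator": "server", "src_port": 20,
                "dst": (ip, port), "server_inbound": [21]}
    if text.startswith("227"):
        ip, port = decode_hostport(text)
        # Passive mode: the client dials in to the port the server announced,
        # so that port must be reachable through the server's firewall.
        return {"mode": "passive", "initiator": "client", "src_port": None,
                "dst": (ip, port), "server_inbound": [21, port]}
    raise ValueError("not a PORT command or 227 reply: %r" % line)


# Constructed sample lines (documentation addresses, not captured traffic).
SAMPLE_ACTIVE = "PORT 198,51,100,7,195,80"
SAMPLE_PASSIVE = "227 Entering Passive Mode (203,0,113,10,19,137)"

if __name__ == "__main__":
    for sample in (SAMPLE_ACTIVE, SAMPLE_PASSIVE):
        print(sample, "->", data_connection(sample))
```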