Michael Leone on 11 Aug 2015 07:19:55 -0700

Re: [PLUG] If not SFTP, how's about FTPS?

On Tue, Aug 11, 2015 at 10:06 AM, Matt Mossholder <matt@mossholder.com> wrote:
> On Tue, Aug 11, 2015 at 9:57 AM, Michael Leone <turgon@mike-leone.com>
> wrote:
>> Anyone? My firewall guy tells me that there are no rules blocking me
>> from doing this (not from my trusted zone into my DMZ, anyway). So
>> it's not a firewall block. Any ideas what might be causing this?
> My guess is the firewall is blocking the ftp-data connections. FTPS works
> the same way as FTP (two channels, command and data). You've established
> that your command channel works by establishing a connection, but your FTP
> server will be making connections back to clients on dynamically allocated
> data ports to return the results of the commands. Unless you have defined a
> range of ports in your firewall for use by FTPS, you probably won't be able
> to receive the data back from the server.
> Most intelligent firewalls (these days) watch non-SSL FTP traffic and
> dynamically open the required ports. That obviously doesn't work with SSL.

No blocking of ports from trusted zone to DMZ (or back, from an
established connection). According to my guy, anyway. It's a
Checkpoint firewall. Nothing shows in its logs, to show blocking of
traffic from DMZ to trusted zone.
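Matt's point about the data channel is the crux of this thread: the server announces the data-connection port inside a control-channel reply, and a firewall helper can only open that port if it can read the reply. This added example (not code from anyone on the list) parses PASV/EPSV replies the way an FTP client or a firewall ALG would, checks the announced port against a firewall's permitted passive range, and shows that the helper gets nothing from a TLS-encrypted control channel. The host, ports and the ciphertext bytes are constructed sample values.

```python
import re

# Constructed sample control-channel replies and an opaque TLS record (not from the thread).
PASV_REPLY = "227 Entering Passive Mode (10,0,5,20,195,88)."
EPSV_REPLY = "229 Entering Extended Passive Mode (|||50012|)"
TLS_CIPHERTEXT = b"\x17\x03\x03\x00\x2a\x8f\x1c\xe2\x07\xb9\x41\x5d\x33\xaa\x90\x0c"

# 227 carries host and port as six decimal octets; 229 (RFC 2428) carries only the port.
_PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
_EPSV_RE = re.compile(r"229 .*?\(\|\|\|(\d+)\|\)")

def parse_passive_reply(reply, control_host):
    """Return (host, port) of the data connection announced by a PASV or EPSV reply.
    For EPSV the data host is the peer of the control connection."""
    m = _PASV_RE.match(reply)
    if m:
        h1, h2, h3, h4, p1, p2 = map(int, m.groups())
        return f"{h1}.{h2}.{h3}.{h4}", (p1 << 8) | p2  # port = p1*256 + p2
    m = _EPSV_RE.match(reply)
    if m:
        return control_host, int(m.group(1))
    raise ValueError(f"not a passive-mode reply: {reply!r}")

def data_port_allowed(port, allowed_range):
    """True when the announced data port lies inside the passive range the
    firewall permits (the range Matt suggests defining for FTPS)."""
    lo, hi = allowed_range
    return lo <= port <= hi

def firewall_helper_sees_port(wire_bytes):
    """Model a stateful firewall's FTP helper: it can only learn the data port
    if the control channel is plaintext. Over TLS it sees ciphertext and
    returns None, so no dynamic pinhole is opened."""
    text = wire_bytes.decode("ascii", errors="replace")
    m = _PASV_RE.search(text)
    return ((int(m.group(5)) << 8) | int(m.group(6))) if m else None

if __name__ == "__main__":
    host, port = parse_passive_reply(PASV_REPLY, "10.0.5.20")
    print(host, port, data_port_allowed(port, (50000, 50100)))  # 10.0.5.20 50008 True
    print(firewall_helper_sees_port(PASV_REPLY.encode()))        # 50008
    print(firewall_helper_sees_port(TLS_CIPHERTEXT))             # None
```

If the server's configured passive range and the firewall's permitted range are checked with `data_port_allowed`, a mismatch there, rather than a logged block, is the usual reason an FTPS login succeeds but every listing or transfer hangs.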
