Manualshelf

HP-UX IPFilter Version A.03.05.14 Administrator's Guide

ManualsBrandsHP ManualsSoftwareHP-UX IPFilter Software
131132133134135136137138139140
HP-UX IPFilter and FTP
Running an FTP Client
Chapter 7 119
Running an FTP Client
As with FTP servers, there are two types of FTP client transfers, active
and passive.
Active FTP
To let an FTP client open an active FTP session, configure IPFilter rules
to allow control connections out and data connections in.
pass out quick proto tcp from
<client-ip>
port > 1023 to any
port = 21 flags S keep state
pass in quick proto tcp from any port 20 to
<client-ip>
port >
1023 flags S keep state
block in from any to any
block out from any to any
NOTE FTP Proxy is not supported by HP. For a complete list of unsupported
utilities and commands, see “Unsupported Utilities and Commands” on
page 102.
FTP Server
Direction of
Connection
Initiated
FTP Client
port 21
control port
<---------------- any port 1024 or higher
port 20
data port
----------------> any port 1024 or higher