 From:  Marko Vukovic <marko at aquamanta dot co dot za>
 To:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] ftp question
 Date:  Thu, 20 Oct 2005 18:27:52 +0200
Ed Chatlos wrote:
> I wish M0n0 dealt with FTP better. I have used many different routers and 
> never had any problem with any of them accessing my home LAN FTP server 
> except M0n0. All I had to do was forward port 21 to the IP of the PC 
> running the FTP server and create a firewall rule for it, on routers 
> that do have a real firewall, and BAM I can connect from a remote 
> location. NOT so with M0n0. You have to jump through many hoops to get 
> it to work. I have now stopped using M0n0 on an everyday basis and gone 
> back to my Zyxel ZyWall5 for just this reason.
> That is what I would like to see in future releases.

Why bother even having a firewall at all if you are allowing incoming 
FTP connections to your LAN? You should almost *never* run public 
services on LAN machines, that is what the DMZ is for. Services such as 
passive FTP require that the Firewall must jump through many hoops, 
including opening random high ports and/or running an 
application-specific proxy. IMHO this just increases the security risk 
and therefore is *not* something you want on your Firewall.

Forget about FTP anyway, use SCP or rsync. Oh, and good luck with your 
Zyxel :p

--
Marko
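
The "hoops" for passive FTP, sketched as an added example that is not part of the original message or of m0n0wall's code: an FTP-aware NAT firewall has to read the server's `227` reply on the control channel (format from RFC 959), rewrite the LAN address, and open a temporary inbound forward for the advertised high port. The function names, the `pinholes` set and all addresses are constructed for illustration.

```python
import re

# RFC 959 reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")


def parse_pasv(line):
    """Return (ip, port) advertised in a 227 reply, or None if it is not one."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None                       # malformed octet, ignore the reply
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]        # data port = p1 * 256 + p2
    return ip, port


def handle_server_reply(line, server_lan_ip, wan_ip, pinholes):
    """Process one control-channel reply from the LAN FTP server.

    Returns the line (without CRLF) to relay to the remote client. For a
    valid 227 reply, the LAN address is rewritten to the WAN address and a
    (wan_ip, wan_port, lan_ip, lan_port) forward is recorded in `pinholes`.
    """
    parsed = parse_pasv(line)
    if parsed is None:
        return line                       # not a PASV reply: pass through
    ip, port = parsed
    # Open a port only toward the server that owns this control session,
    # and never a privileged port; otherwise relay unchanged, open nothing.
    if ip != server_lan_ip or port < 1024:
        return line
    pinholes.add((wan_ip, port, server_lan_ip, port))
    host = wan_ip.replace(".", ",")
    return "227 Entering Passive Mode (%s,%d,%d)" % (host, port // 256, port % 256)


if __name__ == "__main__":
    # Constructed sample: LAN server 192.168.1.10 behind WAN 203.0.113.5.
    opened = set()
    reply = "227 Entering Passive Mode (192,168,1,10,195,80)"
    print(handle_server_reply(reply, "192.168.1.10", "203.0.113.5", opened))
    print(sorted(opened))
```

Every data transfer produces a new reply like this, so the firewall ends up parsing application traffic and opening ports on the server's say-so, which is the added exposure the message objects to.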