Pix firewalls and FTP - "ftp", or "ftpdata"

Discussion in 'Cisco' started by thefunnel, Sep 13, 2007.

  1. thefunnel

    thefunnel Guest

    Hi,

    I would like to allow FTP access to a host on the inside of my Pix
    525. I notice I can configure an access rule (via PDM). I notice I can
    choose from "ftp" and "ftpdata" on the list of predefined services? Im
    guessing this is ports 20 and 21. Unfortunately I can only choose one
    at a time without creating a "service group" and adding both. This
    seems a bit excessive as I thought FTP would be a common service to
    allow inbound . Can I get away with just adding "ftp" or JUST
    "ftpdata"

    Many thanks,

    Paul
     
    thefunnel, Sep 13, 2007
    #1
    1. Advertisements

  2. Only allow ftp (21/TCP). The other ports are automatically opened by the PIX
    using fixup ftp or inspect ftp (which is default).
     
    Lutz Donnerhacke, Sep 13, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.