[NCLUG] how to I permit a user to use FTP?

Eugene Berta e_berta at plutospin.com
Thu May 11 14:13:52 MDT 2006


Luke,

Yes, it looks like FC's default firewall does not
support the concept of "inbound" and "outbound". For
FTP I think part of the problem is the concept of
"active" connections-- see
http://slacksite.com/other/ftp.html for a good
technical description. Altas, unless you are willing
to muck around with your system by installing a more
advanced firewall GUI (firestarter might work-
http://www.fs-security.com) or are willing to do it
hacker style (iptables) I do not think the FC suite
gives you an easy option to just enable "outbound"
FTP.
You might just have to risk the slightly increased
security risk of enabling FTP in the firewall and
making sure you are not running any ftpd (ftp server)
in system-config-services. Basically a hacker would
already have to have your system compromised to set up
an ftpd so the added risk of enabling FTP in the
firewall is minimal.

Gene


--- "S. Luke Jones" <slukejones at gmail.com> wrote:

> I'm running FC4 (yes, plans to upgrade to FC5, Real
> Soon Now). The way
> I configured it I can't access FTP sites as a user.
> I used the
> system-config-securitylevel tool to "enable
> firewall" and the services
> I enabled are "Secure WWW (HTTPS)", "WWW (HTTP)",
> and "SSH". That
> works for 99.3% of what I do, but I'd like to be
> able to access FTP
> sites as well. Right now I can't. But I only want to
> be an FTP client,
> never a server. Nobody needs to access this machine.
> What is the least
> permissive way of allowing me to function as an FTP
> client?
> -- 
> Luke Jones  slukejones at gmail.com (609)439-7856
> _______________________________________________
> NCLUG mailing list       NCLUG at nclug.org
> 
> To unsubscribe, subscribe, or modify
> your settings, go to:
> http://www.nclug.org/mailman/listinfo/nclug
> 




More information about the NCLUG mailing list