HP-UX IPFilter Version A.03.05.12 Administrator's Guide: HP-UX 11.0, HP-UX 11i version 1, HP-UX 11i version 2 > Chapter 6 IPFilter and FTP

Running an FTP Client


As with FTP servers, there are two types of FTP client transfers, active and passive.

Active FTP

FTP Server              Direction of Connection Initiated   FTP Client
port 21 (control port)  <----------------                   any port 1024 or higher
port 20 (data port)     ---------------->                   any port 1024 or higher

To let an FTP client open an active FTP session, configure IPFilter rules to allow control connections out and data connections in.

pass out quick proto tcp from <client-ip> port > 1023 to any port = 21 flags S keep state
pass in quick proto tcp from any port = 20 to <client-ip> port > 1023 flags S keep state
block in from any to any
block out from any to any

NOTE: FTP Proxy is not supported by HP. For a complete list of unsupported utilities and commands, see “Unsupported Utilities and Commands”.

Passive FTP

FTP Server                           Direction of Connection Initiated   FTP Client
port 21 (control port)               <----------------                   any port 1024 or higher
any port 1024 or higher (data port)  <----------------                   any port 1024 or higher

To let an FTP client open a passive FTP session, configure IPFilter to allow both the control and data connections out.

Use the following ruleset for client-side, passive FTP:

pass out quick proto tcp from <client-ip> port > 1023 to any port = 21 flags S keep state
pass out quick proto tcp from <client-ip> port > 1023 to any port > 1023 flags S keep state
block in from any to any
block out from any to any

TIP: For stronger security, configure IPFilter to allow only active FTP connections from FTP servers.
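The following Python sketch is an added illustration, not HP's code and not how ipf is implemented: it models the active and passive client rulesets above and evaluates four constructed packets to show which connections each ruleset passes. The addresses 192.0.2.10 and 198.51.100.5, the port numbers, and all function names are assumptions made for the example.

```python
# Added illustration: a toy evaluator for the two rulesets above (not ipf itself).
import operator

CLIENT, SERVER = "192.0.2.10", "198.51.100.5"   # constructed addresses
OPS = {"=": operator.eq, ">": operator.gt}
# (action, direction, quick, src, src-port test, dst, dst-port test, "flags S keep state")
ACTIVE = [
    ("pass", "out", True, CLIENT, (">", 1023), "any", ("=", 21), True),
    ("pass", "in", True, "any", ("=", 20), CLIENT, (">", 1023), True),
    ("block", "in", False, "any", None, "any", None, False),
    ("block", "out", False, "any", None, "any", None, False),
]
PASSIVE = [ACTIVE[0],
           ("pass", "out", True, CLIENT, (">", 1023), "any", (">", 1023), True),
           ACTIVE[2], ACTIVE[3]]

# Constructed packets: (direction, src ip, src port, dst ip, dst port, is SYN)
SAMPLE = [
    ("out", CLIENT, 40000, SERVER, 21, True),     # control connection opens
    ("in", SERVER, 21, CLIENT, 40000, False),     # server reply on that flow
    ("in", SERVER, 20, CLIENT, 40001, True),      # active-mode data connection
    ("out", CLIENT, 40002, SERVER, 50000, True),  # passive-mode data connection
]

def _match(rule, pkt):
    _, rdir, _, src, sport, dst, dport, syn_only = rule
    pdir, s_ip, s_pt, d_ip, d_pt, syn = pkt
    return (pdir == rdir and src in ("any", s_ip) and dst in ("any", d_ip)
            and (sport is None or OPS[sport[0]](s_pt, sport[1]))
            and (dport is None or OPS[dport[0]](d_pt, dport[1]))
            and (syn or not syn_only))

def decide(ruleset, pkt, state):
    """Verdict for one packet; among non-quick rules the last match wins."""
    flow = frozenset([pkt[1:3], pkt[3:5]])
    if flow in state:                  # packet belongs to a flow that kept state
        return "pass"
    verdict = None                     # always set here: the block rules match all
    for rule in ruleset:
        if _match(rule, pkt):
            verdict = rule[0]
            if rule[2]:                # quick: the first match is final
                if rule[7]:
                    state.add(flow)
                break
    return verdict

def run(ruleset, packets=SAMPLE):
    state = set()
    return [decide(ruleset, p, state) for p in packets]
```

With the active ruleset the outbound connection to a high server port is blocked, and with the passive ruleset the inbound connection from port 20 is blocked; the control connection and its replies pass under both.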
© 2001-2005 Hewlett-Packard Development Company, L.P.