From: Raymond Leach <raymondl@knowledgefactory.co.za>
To: Kelly Setzer <Kelly.Setzer@placemark.com>
Cc: Netfilter Mailing List <netfilter@lists.netfilter.org>
Subject: Re: block kazaa
Date: 26 Mar 2003 17:14:36 +0200 [thread overview]
Message-ID: <1048691675.1427.50.camel@raylinux.internal> (raw)
In-Reply-To: <20030326150659.GA29683@placemark.com>
[-- Attachment #1: Type: text/plain, Size: 2136 bytes --]
Some ftp servers out there do not support or have fallback to passive
ftp.
On Wed, 2003-03-26 at 17:06, Kelly Setzer wrote:
> On Wed, Mar 26, 2003 at 07:30:19AM +0200, Raymond Leach wrote:
> > On Tue, 2003-03-25 at 23:27, paulc@ibiblio.org wrote:
> > > The way I block Kazaa (and the other file sharing applications) is a
> > > blanket ban on all ports by default. I then open the ports as I think is
> > > appropriate at the firewall. These only include the port 23 for anyone
> > > wishing to use telnet. All web and ftp style ports on 80, 21 and the like
> > > are handled by a web-proxy to prevent using them for other purposes. All
> > > incoming connects (and lots of ICMP messages) are dropped by the firewall also.
> > >
> > How do you get passive ftp to work and not allow file sharing networks?
>
> Do you mean active ftp? Passive ftp uses outbound connections for
> both control (20) and data (21). Active ftp uses an inbound
> connection on port 21. Force your users to use passive ftp only.
> Most clients default to that anyway.
>
> Kelly
>
> --
> Kelly Setzer, System Administrator/Architect - Placemark Investments
> 14180 Dallas Pkwy, Suite 200, Dallas, TX 75240
> kelly.setzer@placemark.com http://www.placemark.com
> (972)404-8100x41 (work) (214) 287-3464 (cell)
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
( Raymond Leach )
) Knowledge Factory (
( )
) Tel: +27 11 445 8100 (
( Fax: +27 11 445 8101 )
) (
( http://www.knowledgefactory.co.za/ )
) http://www.saptg.co.za/ (
( http://www.mapnet.co.za/ )
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
o o
o o
.--. .--.
| o_o| |o_o |
| \_:| |:_/ |
/ / \\ // \ \
( | |) (| | )
/`\_ _/'\ /'\_ _/`\
\___)=(___/ \___)=(___/
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
next prev parent reply other threads:[~2003-03-26 15:14 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20030325183312.2501.87766.Mailman@kashyyyk>
2003-03-25 21:27 ` block kazaa paulc
2003-03-25 21:45 ` Kelly Setzer
2003-03-26 5:30 ` Raymond Leach
2003-03-26 8:14 ` Paul Colclough
2003-03-26 15:06 ` Kelly Setzer
2003-03-26 15:14 ` Raymond Leach [this message]
2003-03-27 21:14 per j
-- strict thread matches above, loose matches on Subject: below --
2003-03-25 14:46 realsite internetcafe
2003-03-25 15:27 ` Scott Radvan
2003-03-25 15:57 ` Maciej Soltysiak
2003-03-26 5:22 ` Raymond Leach
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1048691675.1427.50.camel@raylinux.internal \
--to=raymondl@knowledgefactory.co.za \
--cc=Kelly.Setzer@placemark.com \
--cc=netfilter@lists.netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.