Are you using Linux?
Are you using APF?
APF will open up the requested port for passive FTP only after the connection is made and authenticated on port 21, so there's really no benefit in restricting passive FTP to a specific range.
That capability was built into the ProFTPd daemon before iptables, when you couldn't do that.
I'm using FreeBSD 4.x, but I believe it's the same for any version >4 (when ipfw became stateful)
jlasman said:
Sorry, but I don't really know the down and dirty details.
And if I did, it wouldn't help, because I don't know a thing about ipfw.
Any FreeBSD experts care to try an answer?
If you tell me which version of FreeBSD, I'll move the thread to a FreeBSD forum where it might attract more knowledgeable responses.