ftp and ftp-data?

sleepingandrew · ‎03-22-2004

Hi,

In PIX access list, what is the difference between the two? If I what to permit normal ftp access to my internal server, do I need to open both? or just ftp? What is ftp-data for then?

Thanks.

r.crist · ‎03-22-2004

FTP uses two ports, one for control and one for data. The client initiates a session on the server's control port (tcp:21), then the server initiates a session to the client from its data port (tcp:20). You just need to allow port 21 inbound, the port 20 session is established outbound to the requesting client.