
The Web Hikers guide to
Outpost Firewall

 

FTP


There are preset rules for the following FTP clients:

AbsoluteFTP
AceFTP
AutoSyncFTP
BulletProof FTP
Click FTP
CoffeeCup Direct FTP
Crystal FTP
CuteFTP
DC SmartFTP
FAR Manager
FileZilla
FlashFXP
FTP Commander
FTP Navigator
FTP Now
FTP Voyager
FTPRight

IglooFTP Pro
KenFTP
Magellan Explorer
Microviet Internet FTP
MiniFTP
NetLoad
PrimaSoft AutoFTP
RemFTP
SecureFX
Simply COOL FTP
Site Publisher
TurboFTP
WebFTP
Windows FTP Client
Windows Sockets FTP Client
WS_FTP

Default FTP client rules can be found in the General section.

AbsoluteFTP presets

AceFTP presets

AutoSyncFTP presets

BulletProof FTP presets

Click FTP presets

CoffeeCup Direct FTP presets

Crystal FTP presets

CuteFTP presets

DC SmartFTP presets

FAR Manager presets

FileZilla presets

FlashFXP presets

FTP Commander presets

FTP Navigator presets

FTP Now presets

FTP Voyager presets

FTPRight presets

IglooFTP Pro presets

KenFTP presets

Magellan Explorer presets

Microviet Internet FTP presets

MiniFTP presets

NetLoad presets

PrimaSoft AutoFTP presets

RemFTP presets

SecureFX presets

Simply COOL FTP presets

Site Publisher presets

TurboFTP presets

WebFTP presets

Windows FTP Client presets

Windows Sockets FTP Client presets

WS_FTP presets


AbsoluteFTP connection
AceFTP connection
AutoSyncFTP connection
BulletProof FTP connection
Click FTP connection
CoffeeCup Direct FTP connection
Crystal FTP connection
CuteFTP connection
DC SmartFTP connection
FAR Manager FTP connection
FileZilla FTP connection
FlashFXP connection
FTP Commander connection
FTP Navigator connection
FTP Now connection
FTP Voyager connection
FTPRight connection

IglooFTP Pro connection
KenFTP connection
Magellan Explorer FTP connection
Microviet Internet FTP connection
MiniFTP connection
NetLoad FTP connection
PrimaSoft AutoFTP connection
RemFTP connection
SecureFX connection
Simply COOL FTP connection
Site Publisher FTP connection
TurboFTP connection
WebFTP connection
Windows FTP Client connection
WinFTP connection
WS_FTP connection

Protocol: TCP
Direction: Outbound
Remote Port(s): FTP (21)
Action: Allow It

What it's for

This rule is used for establishing FTP (File Transfer Protocol) connections to FTP servers to download a file.

FTP uses two channels to achieve the transfer: the control connection (this rule), which is used to send the commands needed for the transfer, and a data channel (see FTP DATA), which is used to actually send the files. The control connection is established from the client (which would be you) when the client logs into an FTP server, whereas the data channel is usually established by the server to the client after the client connects to the server.

To optimize

Add an Event for 'Remote Host' and specify the 'Remote Host' as the FTP server you use.

AbsoluteFTP DATA connection
AceFTP DATA connection
AutoSyncFTP DATA connection
BulletProof FTP DATA connection
Click FTP DATA connection
CoffeeCup Direct FTP DATA connection
Crystal FTP DATA connection
CuteFTP DATA connection
DC SmartFTP DATA connection
FAR Manager FTP DATA connection
FileZilla FTP DATA connection
FlashFXP FTP DATA connection
FTP Commander DATA connection
FTP Navigator DATA connection
FTP Now DATA connection
FTP Voyager DATA connection
FTPRight DATA connection

IglooFTP Pro DATA connection
KenFTP DATA connection
Magellan Explorer FTP DATA connection
Microviet Internet FTP DATA connection
MiniFTP DATA connection
NetLoad FTP DATA connection
PrimaSoft AutoFTP DATA connection
RemFTP DATA connection
SecureFX DATA connection
Simply COOL FTP DATA connection
Site Publisher FTP DATA connection
TurboFTP DATA connection
WebFTP DATA connection
Windows FTP Client DATA connection
WinFTP DATA connection
WS_FTP DATA connection

Protocol: TCP
Direction: Inbound
Remote Port(s): FTP DATA (20)
Action: Allow It

What it's for

This rule is used for establishing FTP (File Transfer Protocol) connections to FTP servers to download a file.

FTP uses two channels to achieve the transfer: the control connection (see FTP), which is used to send the commands needed for the transfer, and a data channel (this rule), which is used to actually send the files. The control connection is established from the client (which would be you) when the client logs into an FTP server, whereas the data channel is usually established by the server to the client after the client connects to the server.

To optimize

Add an Event for 'Remote Host' and specify the 'Remote Host' as the FTP server you use.

AbsoluteFTP PASV connection
AceFTP PASV connection
AutoSyncFTP PASV connection
BulletProof PASV FTP connection
Click FTP PASV connection
CoffeeCup Direct FTP PASV connection
Crystal FTP PASV connection
CuteFTP PASV FTP connection
DC SmartFTP PASV connection
FAR Manager PASV FTP connection
FileZilla PASV FTP connection
FlashFXP PASV FTP connection
FTP Commander PASV connection
FTP Navigator PASV connection
FTP Now PASV connection
FTP Voyager PASV connection
FTPRight PASV connection

IglooFTP Pro PASV connection
KenFTP PASV connection
Magellan Explorer PASV FTP connection
Microviet Internet FTP PASV connection
MiniFTP PASV connection
NetLoad FTP PASV connection
PrimaSoft AutoFTP PASV connection
RemFTP PASV connection
SecureFX PASV connection
Simply COOL PASV FTP connection
Site Publisher PASV FTP connection
TurboFTP PASV connection
WebFTP PASV connection
Windows FTP Client PASV connection
WinFTP PASV connection
WS_FTP PASV connection

There are two rules, one for Inbound and one for Outbound.

Protocol: TCP
Direction: Inbound
Local Port(s): 1024-65535
Action: Allow It

Protocol: TCP
Direction: Outbound
Remote Port(s): 1024-65535
Action: Allow It

What it's for

These rules are used for FTP transfers when using Passive FTP mode instead of Active FTP mode. An explanation of Passive and Active FTP is in order:

Active FTP
Your FTP client uses the FTP and FTP DATA rules for Active FTP transfers. In Active FTP transfers the client (in this case your FTP client) connects from a random unprivileged local port (those over port number 1023) to the server's FTP command port (21) to let the server know that it is waiting for a connection from the server. The client then starts listening on a port one number higher than the port it opened the connection on. So if your client connects to an FTP server from local port 1024 and establishes a connection with the server's FTP command port, the client would then start listening on port 1025 for incoming connections from the FTP server. Once the client starts listening, the server establishes a connection from its FTP DATA port (20) to the local port that the client is now listening on.

This doesn't cause problems if you don't have a firewall, but when you do it can cause all kinds of headaches. The reason it is such a problem for a firewalled system is that the client doesn't initiate the transfer. It just tells the FTP server what port it's listening on and lets the FTP server establish a connection from the server's FTP DATA port. Firewalls normally block connections like this, otherwise anyone could connect to the listening port.

To get round this problem, Passive FTP mode (PASV) was developed.

Passive FTP
Passive FTP makes the client responsible for initiating both connections. The client opens two random local unprivileged ports, with the second being one number higher than the first (so if the first port is 1055 the second is 1056). The client then contacts the server's FTP command port (21) from the first port it opened (in this example 1055).

Now here is the difference. Instead of asking the server to connect from its FTP DATA port to a random local port on the client, the client tells the server (by sending the PASV command) to open a random unprivileged port of its own (for this example 1026). The server then tells the client what port it's awaiting a connection on, and the client connects from its second port (in this example 1056) to the server's now listening port 1026. Thus both connections are initiated by the client, and the client-side firewall doesn't block the connection because it was started by the client.

But wait a minute! Doesn't this cause all kinds of problems for the server-side firewall?
Yes it does, but servers have a way round this. Most FTP servers allow a server administrator to specify a range of local ports the FTP server is allowed to open and use.

Most FTP clients will have an option that allows you to use Passive FTP instead of Active FTP.
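
The port arithmetic behind both modes, as an added example (not part of the original guide or of Outpost): it parses an active-mode PORT command and a passive-mode 227 reply in the RFC 959 format and reports which of the preset rules on this page would admit the resulting data connection. The function names, the sample addresses and the simplified direction-and-port model of the rules are assumptions made for illustration.

```python
import re

# Preset rules from this page, as seen by the client-side firewall:
# (rule name, direction, which port the rule constrains, allowed ports)
RULES = [
    ("FTP connection", "Outbound", "remote_port", range(21, 22)),
    ("FTP DATA connection", "Inbound", "remote_port", range(20, 21)),
    ("PASV connection", "Inbound", "local_port", range(1024, 65536)),
    ("PASV connection", "Outbound", "remote_port", range(1024, 65536)),
]
SIX = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_endpoint(line):
    """Return (ip, port) from a PORT command or 227 reply: h1,h2,h3,h4,p1,p2."""
    m = SIX.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        raise ValueError("field above 255 in %r" % line)
    return ".".join(str(v) for v in n[:4]), n[4] * 256 + n[5]

def data_connection(line, server_ip):
    """Describe the data channel that follows this control-channel line."""
    ip, port = parse_endpoint(line)
    if line.upper().startswith("PORT "):
        # Active: the server connects from port 20 to the client's listener.
        return {"direction": "Inbound", "remote_host": server_ip,
                "remote_port": 20, "local_port": port}
    if line.startswith("227 "):
        # Passive: the client connects out to the port the server opened.
        # host_ok is False when the reply names a host other than the server.
        return {"direction": "Outbound", "remote_host": ip,
                "remote_port": port, "local_port": None,
                "host_ok": ip == server_ip}
    raise ValueError("not a PORT command or a 227 reply: %r" % line)

def matching_rules(conn):
    """Names of the preset rules above that allow this connection."""
    return [name for name, direction, key, ports in RULES
            if direction == conn["direction"] and conn[key] in ports]

# Constructed sample lines (documentation addresses), using the page's ports.
SERVER = "203.0.113.5"
ACTIVE = data_connection("PORT 192,168,1,10,4,1", SERVER)
PASSIVE = data_connection("227 Entering Passive Mode (203,0,113,5,4,2)", SERVER)
if __name__ == "__main__":
    for conn in (ACTIVE, PASSIVE):
        print(conn, "->", matching_rules(conn))
```

In this model the active-mode connection is admitted by the inbound PASV rule as well as by the FTP DATA rule, because the inbound PASV rule constrains only the local port; restricting 'Remote Host' as described under "To optimize" narrows it to the server you use.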

To optimize

Add an Event for 'Remote Host' and specify the 'Remote Host' as the FTP server you use.

Crystal FTP new version check

Protocol: TCP
Direction: Outbound
Remote Port(s): HTTP (80)
Action: Allow It

What it's for

This rule is used when you try to update Crystal FTP. HTTP (Hyper Text Transfer Protocol, port 80) is the main port used to browse the Internet.

To optimize

Add an Event for 'Remote Host' and specify the 'Remote Host' as the server you connect to for updates.

CuteFTP HTTP connection

Protocol: TCP
Direction: Outbound
Remote Port(s): HTTP (80), 81-83, HTTPS (443), SOCKS (1080), 3128, 8080, 8088, 11523
Action: Allow It

What it's for

This rule is used by CuteFTP for all file transfers with HTTP (Hyper Text Transfer Protocol). HTTP (80) is the only port you really need for downloading; ports 81, 82 and 83 are auxiliary web browsing ports and are rarely used. HTTPS (Hyper Text Transfer Protocol over Secure Socket Layer (SSL)) is used for secure sites. SOCKS is only needed by people using a SOCKS proxy server. 3128, 8080 and 8088 are common ports that proxy servers use. 11523 is used by AOL's browser.

To optimize

Remove the remote ports: 81, 82, 83 unless you know that you need them. If you don't use a SOCKS proxy server remove SOCKS. If you don't use a remote or local proxy remove 3128, 8080 and 8088. Most people can just remove all ports except for HTTP. If you don't use AOL's browser remove 11523.

SecureFX SFTP connection

Protocol: TCP
Direction: Outbound
Remote Port(s): SFTP (22 also associated with SSH)
Action: Allow It

What it's for

This rule is used for establishing secure FTP (File Transfer Protocol) connections to FTP servers to download a file. SFTP is a replacement for FTP that runs over an SSH tunnel.

To optimize

Add an Event for 'Remote Host' and specify the 'Remote Host' as the FTP server you use.

Outpost and the Outpost logo are ©Agnitum Software

This is an unofficial guide; the information expressed here may differ from Agnitum's. There is a support forum (no longer run by Agnitum, but by users); if you need more help, this is a good place to start. Where information here conflicts with what Agnitum have told you, always go with the information given to you by Agnitum.

 

Guide/site and images ©Stephen Cox