2.1 Basic Access Lists || IOS firewall

Hello,

In this task I found:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Extended IP access list INBOUND

60 permit tcp any eq ftp-data any

!!!!!and!!!!!

Extended IP access list OUTBOUND

130 permit tcp host 150.1.1.1 range ftp-data ftp any

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

The question is why we didn't permit both ftp-data and FTP in INBOUND, as below:

Extended IP access list INBOUND

60 permit tcp any eq ftp-data ftp  any

as the inside servers act as FTP servers, which means the servers talk to the outside with source port 21.

Any idea?

 

Comments

  • Hi Malaksamir,

    Which version of the WB are you using? What I can see from the SG is that they are allowing both TCP port 20 and 21 inbound, which corresponds to ftp-data and FTP control respectively:

    permit tcp any host 150.1.1.1 range 20 21

    Please let me know.

    HTH

    Good luck!
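
Added example (not part of the thread or the workbook): a small Python matcher for the subset of extended-ACL syntax used in the entries quoted above, showing which side's port each entry tests. The address 198.51.100.7 and port 40000 are constructed sample values; the function names are hypothetical.

```python
# Added example: matcher for the subset of IOS extended-ACL syntax quoted in this thread
# ("permit tcp", "any" / "host A.B.C.D", optional "eq P" / "range LO HI").
PORTS = {"ftp-data": 20, "ftp": 21}  # IOS keywords for TCP ports 20 and 21

def _port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

def _take_addr(toks):
    """Consume 'any' or 'host A.B.C.D'; None means any address."""
    if toks[0] == "any":
        return None, toks[1:]
    if toks[0] == "host":
        return toks[1], toks[2:]
    raise ValueError("unsupported address: " + toks[0])

def _take_ports(toks):
    """Consume an optional 'eq P' or 'range LO HI'; None means any port."""
    if toks and toks[0] == "eq":
        return (_port(toks[1]), _port(toks[1])), toks[2:]
    if toks and toks[0] == "range":
        return (_port(toks[1]), _port(toks[2])), toks[3:]
    return None, toks

def parse(entry):
    toks = entry.split()
    if toks[0].isdigit():              # drop the sequence number, e.g. "60"
        toks = toks[1:]
    if toks[:2] != ["permit", "tcp"]:
        raise ValueError("only 'permit tcp' entries are handled")
    src, toks = _take_addr(toks[2:])
    sport, toks = _take_ports(toks)    # ports written after the source = source ports
    dst, toks = _take_addr(toks)
    dport, toks = _take_ports(toks)    # ports after the destination = destination ports
    if toks:
        raise ValueError("trailing tokens: " + " ".join(toks))
    return src, sport, dst, dport

def matches(entry, src_ip, src_port, dst_ip, dst_port):
    src, sport, dst, dport = parse(entry)
    addr_ok = lambda rule, ip: rule is None or rule == ip
    port_ok = lambda rng, p: rng is None or rng[0] <= p <= rng[1]
    return (addr_ok(src, src_ip) and port_ok(sport, src_port)
            and addr_ok(dst, dst_ip) and port_ok(dport, dst_port))

# Constructed packet: outside host 198.51.100.7 opens FTP control to 150.1.1.1 (dst port 21).
PKT = ("198.51.100.7", 40000, "150.1.1.1", 21)
if __name__ == "__main__":
    for e in ("60 permit tcp any eq ftp-data any",
              "permit tcp any host 150.1.1.1 range 20 21"):
        print(e, "->", matches(e, *PKT))
```

The first entry tests the source port and does not match this packet; the second tests the destination port and does.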
