6.2.3. File Transfer Protocol
Example 6.3. Protecting FTP Clients
In this scenario shown below the D-Link Firewall is protecting a workstation that will connect to FTP servers on
the internet.
To make it possible to connect to these servers from the internal network using the FTP ALG, the FTP ALG and
rules should be configured as follows:
Web Interface
Create the FTP ALG:
1.
Go to Objects > ALG > Add > FTP ALG
2.
Enter Name: ftp-outbound.
3.
Uncheck Allow client to use active mode.
4.
Check Allow server to use passive mode.
5.
Click OK.
Services:
1.
Go to Objects > Services > Add > TCP/UDP Service
2.
Now enter:
•
Name: ftp-outbound
•
Type: select TCP from the dropdown list
•
Destination: 21 (the port the ftp server resides on)
•
ALG: select the created "ftp-outbound"
3.
Click OK.
Rules (Using Public IPs). The following rule needs to be added to the IP rules if using public IP's; make sure there
109
Chapter 6. Security Mechanisms