FTP in front of wirewall or not?

[Steve Grosz]

I was wondering if there was a good reason to have a ftp server behind a
firewall on a internal IP or would it be better to have it out in front with
a public IP and software firewall on it. And then just route via dns to
either one.

Any suggestions would be appreciated.

Thanks,
Steve

 

[Wizzle]

You can put it behind the firewall. All you need to do is to open the ports
for ftp on the firewall.. port 20, 21

Wesley
MCSE

 

[Lanwench [MVP - Exchange]]

Depends what traffic you want to let into your private network. I'd put it
in the DMZ, if it were up to me...and not open up anything dangerous between
DMZ and LAN. Don't use anonymous FTP, either.

 

[Jonathan de Boyne Pollard]

SG> I was wondering if there was a good reason to have a ftp
SG> server behind a firewall on a internal IP or would it be
SG> better to have it out in front with a public IP and
SG> software firewall on it.

The decision criteria relate to the _other_ services that the machine
provides, and to what actual access to the machine is available via FTP.

None of these are DNS issues, though.