Anonymous FTP

The firewall also allows for an anonymous FTP server to be run. This server is set up in such a way that accesses to port 21 (the usual FTP control port) which come from either the firewall itself or untrusted clients will be directed to the anonymous FTP server, while access to this port from a trusted client will connect to the FTP proxy, if FTP proxy entries are defined. If users are authorised to use the FTP proxy but instead wish to access the anonymous FTP server, they should enter the user name `ftp' at the FTP login prompt.

Run Public FTP Server

If set to YES, then a publicly accessible FTP service will be run on the firewall on port 21. This can be simply a relay to some other host on the internal network or in the DMZ, or it can be be an FTP server on the firewall itself.

Host

If the public FTP service is simply a relay, then the IP address of the real server should be entered here. If an FTP server is to be run on the firewall itself then this field should be left blank.

Allow Uploads/Download Only

This is a toggle field that sets whether anonymous FTP users are allowed to upload files, or only to download.

Session Upload Limit

This specifies the maximum amount of data, in megabytes, that a user using the anonymous FTP service can upload during a single session.

Total FTP Space

This specifies the total amount of space that is available for anonymous FTP uploads. If more than this amount is used, then no more uploads will be allowed.

See Section 4.6.9 for more information about how these limits should be used.

Note that connections to the anonymous FTP server are done via the FTP proxy; this, together with packet filtering restrictions, means that the anonymous FTP service does not support passive mode. This may affect access to the service from Web browser clients. If this is a serious problem, you may want to make the files in the anonymous FTP area accessible via a public WWW service, and use `http' URLs rather than `ftp' URLs.