
Re: [BEHAVE] Re: CPE equipments and stateful filters



Hi,

On Mon, Jul 30, 2007 at 12:15:11PM -0700, Dan Wing wrote:
> Passive-mode FTP (using the "PASV" verb) has been supported on 
> all modern FTP clients and FTP servers for a long time (going on a 
> decade for most FTP clients and FTP servers).  Passive-mode FTP 
> causes the TCP data connection to be initiated by the FTP client (as 
> is the TCP control connection), which eliminates the need for any ALG 
> or ALG-like function in NATs and in firewalls.  Is there a reason 
> passive FTP can't simply be mandated for v6, so we can avoid FTP-aware
> ALGs?

Correct me if I'm wrong - but you'll need "firewall support" for 
PASV / EPSV ftp as well, just on the other side of the connection.

If you run your server behind a firewall (which is a pretty common thing
to do), and want to offer FTP services, the firewall needs to know which
port to open for PASV connections.

Gert Doering
        -- NetMaster
-- 
Total number of prefixes smaller than registry allocations:  113403

SpaceNet AG                        Vorstand: Sebastian v. Bomhard
Joseph-Dollinger-Bogen 14          Aufsichtsratsvors.: A. Grundner-Culemann
D-80807 Muenchen                   HRB: 136055 (AG Muenchen)
Tel: +49 (89) 32356-444            USt-IdNr.: DE813185279
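
Added example, not part of the original message: a sketch of what the server-side firewall described above has to do, namely read the server's 227 (PASV, RFC 959) or 229 (EPSV, RFC 2428) reply on the control connection to learn which port to open. The function name, the sample addresses, and the policy of refusing ports below 1024 or addresses other than the server's own are assumptions made for this illustration.

```python
import re

# RFC 959 reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
# RFC 2428 reply: 229 <text> (<d><d><d>port<d>), delimiter is normally "|"
EPSV_RE = re.compile(r"^229 .*?\((.)\1\1(\d{1,5})\1\)")


def pinhole_from_reply(line, server_ip):
    """Return the (ip, port) to admit inbound, or None to open nothing.

    server_ip is the protected server's address on the control connection.
    """
    line = line.strip()
    m = PASV_RE.match(line)
    if m:
        fields = [int(x) for x in m.groups()]
        if any(f > 255 for f in fields):
            return None
        ip = ".".join(str(f) for f in fields[:4])
        port = fields[4] * 256 + fields[5]
        # Assumed policy: never open a hole toward a host other than the server.
        if ip != server_ip:
            return None
    else:
        m = EPSV_RE.match(line)
        if not m:
            return None
        # EPSV carries only a port; the address is the control connection's.
        ip, port = server_ip, int(m.group(2))
    # Assumed policy: data ports must be unprivileged and in range.
    if not 1024 <= port <= 65535:
        return None
    return (ip, port)


if __name__ == "__main__":
    # Constructed server replies (documentation addresses), not captured traffic.
    samples = [
        ("227 Entering Passive Mode (192,0,2,10,195,80).", "192.0.2.10"),
        ("229 Entering Extended Passive Mode (|||6446|)", "2001:db8::10"),
        ("227 Entering Passive Mode (198,51,100,7,195,80).", "192.0.2.10"),
        ("227 Entering Passive Mode (192,0,2,10,0,22).", "192.0.2.10"),
    ]
    for reply, server in samples:
        print(reply, "->", pinhole_from_reply(reply, server))
```

This only works while the control connection is cleartext; when it is wrapped in TLS the firewall cannot read the reply, and the usual fallback is a fixed passive port range configured on both the server and the firewall.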