You are right. I can't remember where I got the impression that by issuing "literal PASV" can put a client into passive mode (which is very wrong).

dennis2 (Dennis)
Oh wait, I vaguely remember it was from a support document of a software package I used to support that made use of command line ftp client on windows.

So their concept is so screwed up and I didn't pay much attention to it. Me bad!

Anyway, like you said, ALG is more appropriate. Quite a few packet filtering firewalls (fw-1, pix, linux iptables) were having problems with port command when protecting ftp servers in DMZ. I'd blame the protocol -- it's just so hard to get it right.
2001-6-26 -04:00
This post has been archived. It cannot be replied.
Page address has been copied. To share, click to copy page address.
Share Online by QR Code

Back To Topic: 用LINUX网关,打开单向NAT之后发现无法建立WINDOWS客户端FTP连接的数据传输通道,哪位大侠能帮我,谢谢。

Back To Forum: HOME枫下论坛枫下论坛主坛工作学习IT技术讨论