Re: FTP-TLS
On Fri, Feb 13, 2004 at 07:05:42PM +0100, Adam ENDRODI wrote:
> On Thu, Feb 12, 2004 at 11:57:26AM +0200, Michael Wood wrote:
[snip]
> > I'm not sure why it aborts before the authentication, but even if that
> > worked, I don't see how anything that requires an ftp-data connection
> > could work through a NAT box. I have never used FTP-TLS and have not
> > read any RFCs related to it, but unless it works more like HTTP than
> > FTP, it's not going to work through NAT.
>
> It does. One of my test boxen is a Windows 98 and is behind
> two firewalls and three levels of NAT (actually, masquerading).
> It works the same way as "Firewall-friendly" (i.e. passive) FTP,
> though not under any circumstances it seems, to my despair :(
>
> > For normal FTP, the NAT box watches the FTP command channel and when it
> > notices the PORT command or a reply from the PASV command, it sets up a
> > rule for the data connection. When the command channel is encrypted it
> > cannot do this.
>
> The firewall does not need to watch the PASV command unless the
> *server* is behind the NAT. For the client, it is unnecessary
> because there is nothing in the PASV line to translate.
Ahhh yes, sorry. Wasn't thinking :)
--
Michael Wood <mwood@its.uct.ac.za>
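
An added example, not part of the original messages: a minimal Python sketch of the decision a NAT FTP helper makes on each control-channel line, covering the PORT and PASV cases discussed above and the case where the channel carries TLS ciphertext. The sample lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample control-channel lines (not taken from the thread).
PORT_CMD = b"PORT 10,0,0,5,4,1\r\n"                                  # sent by the client
PASV_REPLY = b"227 Entering Passive Mode (192,168,1,10,19,137)\r\n"   # sent by the server
TLS_RECORD = b"\x17\x03\x01\x00\x20" + bytes(32)                      # encrypted record after AUTH TLS

# h1,h2,h3,h4,p1,p2 tuple used by both PORT and the 227 reply (RFC 959).
_HOSTPORT = re.compile(rb"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_endpoint(line: bytes):
    """Return (sender, ip, port) for a PORT command or 227 reply, else None."""
    if line[:5].upper() == b"PORT ":
        sender = "client"
    elif line[:4] == b"227 ":
        sender = "server"
    else:
        return None  # any other line, including TLS ciphertext
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if max(nums) > 255:
        return None
    return sender, ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def nat_action(line: bytes, natted_side: str) -> str:
    """What a NAT box with `natted_side` ('client' or 'server') behind it must do."""
    parsed = parse_endpoint(line)
    if parsed is None:
        return "opaque: nothing to act on"
    sender, ip, port = parsed
    if sender == natted_side:
        # The advertised address is the internal one: rewrite it and
        # open a mapping for the inbound data connection.
        return f"rewrite {ip}:{port} and map inbound data connection"
    # The address belongs to the far side; the data connection leaves the
    # NATed host as an ordinary outbound connection.
    return "no translation needed"
```

With the client behind the NAT, the 227 reply needs no translation, while the same reply from a NATed server does; once the line is a TLS record, the helper has nothing to parse in either case.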