Pieter E Smit a �crit :
> The problem, > > We connect to ftp server on the public side of the firewall. > Problem: ftp port moved to 1112, does not support passive mode. > Only one ip allowed on ftp server (need nat). > > Address translation work's fine for all except ftp, the control connection > still > fine, but the data connection is a problem. > > My understanding. : For address translation to work with normal ftp , the > ftp > packet containing the port command, specifying the port the server must use to > connect back to the client, must be intercepted by the firewall, ip changed, > and > incoming on the specified port forwarded back to the original host. > > How does Debian / Linux handle address translations, and funny protocols like > ftp, that open connections from the wrong side of a fire-wall ? > > Is there prox's for ftp, that support non standard port's ? TIS Firewall Tool kit supports that. Daniel ANDRE
