Dave, Lemme give this a try..
> > No matter it is active or passive open, the modem stateful will need
> > to open the "hole" by listening to the control channel for "port"
> > and "pasv" command.
>
> You lost me here. Since the passive open has the connection initiated
> by the client, there is no need for the firewall around the client to
> open a port based on listening to the control channel, right?

If there is a fw X on the path to the server, fw X may have to look at the PASV response and open a hole for the subsequent data traffic from the client. Something like a dynamic (created on-the-fly) outbound access list.

> > The hole is opened only on the firewall which is dealing the
> > control channel. If the data channel goes to another file, apparently
> > this will not work.
>
> I don't see why not. It's just another outgoing TCP connection.

coz data from the client may be going thru a different device Y, which is being blocked by the fw on that device. fw Y doesn't have the hole to let the traffic go through.

Hope this helps.

--
Suresh

--------------------------------------------------------------------
IETF IPv6 working group mailing list
[EMAIL PROTECTED]
Administrative Requests: https://www1.ietf.org/mailman/listinfo/ipv6
--------------------------------------------------------------------
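The situation discussed in this thread, as an added example that is not part of the original message: a firewall X that sees the control channel learns the data port from the 227 (PASV) reply and opens a one-shot outbound pinhole, while a firewall Y on a different path never saw that reply and so has no state. The `Firewall` class, its method names and the addresses are hypothetical and constructed for illustration; the 227 reply layout follows RFC 959.

```python
import re

# RFC 959 PASV reply: "227 ... (h1,h2,h3,h4,p1,p2)", data port = p1*256 + p2
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def parse_pasv(reply):
    """Return (server_ip, port) from a 227 reply, or None if it is not one."""
    m = PASV_RE.match(reply)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


class Firewall:
    """Hypothetical stateful firewall: outbound data is denied without a pinhole."""

    def __init__(self, name):
        self.name = name
        self.pinholes = set()  # entries are (client_ip, server_ip, server_port)

    def see_control(self, client_ip, server_ip, reply):
        """Inspect one server reply on a control connection crossing this device."""
        parsed = parse_pasv(reply)
        # Only accept a data address equal to the control connection's server,
        # so the pinhole never points at a host the client did not contact.
        if parsed and parsed[0] == server_ip:
            self.pinholes.add((client_ip, server_ip, parsed[1]))

    def allow_data(self, client_ip, server_ip, port):
        """The pinhole is consumed by the first matching data connection."""
        key = (client_ip, server_ip, port)
        if key in self.pinholes:
            self.pinholes.remove(key)
            return True
        return False


def demo():
    # Constructed sample using documentation addresses; 19*256 + 136 = 5000.
    client, server = "192.0.2.10", "198.51.100.5"
    reply = "227 Entering Passive Mode (198,51,100,5,19,136)"
    fw_x, fw_y = Firewall("X"), Firewall("Y")
    fw_x.see_control(client, server, reply)  # control channel crosses X only
    port = parse_pasv(reply)[1]
    return fw_x.allow_data(client, server, port), fw_y.allow_data(client, server, port)
```

`demo()` returns `(True, False)`: the data connection is permitted through X and dropped at Y, which is the asymmetric-path failure described in the reply.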