On Fri, Feb 13, 2004 at 07:05:42PM +0100, Adam ENDRODI wrote:
> On Thu, Feb 12, 2004 at 11:57:26AM +0200, Michael Wood wrote:
[snip]
> > I'm not sure why it aborts before the authentication, but even if that
> > worked, I don't see how anything that requires an ftp-data connection
> > could work through a NAT box. I have never used FTP-TLS and have not
> > read any RFCs related to it, but unless it works more like HTTP than
> > FTP, it's not going to work through NAT.
>
> It does. One of my test boxen is a Windows 98 and is behind
> two firewalls and three levels of NAT (actually, masquerading).
> It works the same way as "Firewall-friendly" (i.e. passive) FTP,
> though not under any circumstances it seems, to my despair :(
>
> > For normal FTP, the NAT box watches the FTP command channel and when it
> > notices the PORT command or a reply from the PASV command, it sets up a
> > rule for the data connection. When the command channel is encrypted it
> > cannot do this.
>
> The firewall does not need to watch the PASV command unless the
> *server* is behind the NAT. For the client, it is unnecessary
> because there is nothing in the PASV line to translate.

Ahhh yes, sorry. Wasn't thinking :)

--
Michael Wood <[EMAIL PROTECTED]>
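
The address translation discussed in this thread, as an added example that is not part of either poster's message: a simplified model of a NAT FTP helper reading the control channel, showing which lines need rewriting and why an encrypted channel leaves it nothing to act on. The function names, addresses and the TLS record bytes are constructed for illustration, and a real helper would also map the port and open a rule for the data connection.

```python
import re

# h1,h2,h3,h4,p1,p2 host-port argument used by PORT and the 227 PASV reply.
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(line):
    """Return (ip, port) from a cleartext PORT command or 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = HOSTPORT.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def helper_rewrite(line, private_ip, public_ip):
    """Simplified NAT helper (hypothetical): replace the NATed host's private
    address with the public one; the port is kept as-is in this model.
    Returns (line, changed)."""
    parsed = parse_hostport(line)
    if parsed is None or parsed[0] != private_ip:
        return line, False          # nothing readable, or nothing to translate
    port = parsed[1]
    arg = ",".join(public_ip.split(".") + [str(port >> 8), str(port & 255)])
    return HOSTPORT.sub(arg, line, count=1), True

# Constructed sample values (documentation address ranges).
PRIVATE, PUBLIC = "192.168.1.10", "203.0.113.5"
SAMPLES = {
    "client behind NAT, active mode": "PORT 192,168,1,10,19,137",
    "client behind NAT, passive reply": "227 Entering Passive Mode (198,51,100,20,195,80)",
    "server behind NAT, passive reply": "227 Entering Passive Mode (192,168,1,10,195,80)",
    # After AUTH TLS the helper sees only TLS records (constructed bytes).
    "encrypted control channel": "\x17\x03\x03\x00\x1c\x8f\x02\xa1",
}

def run_samples():
    """Apply the helper to every sample line; returns {name: (line, changed)}."""
    return {name: helper_rewrite(line, PRIVATE, PUBLIC) for name, line in SAMPLES.items()}

if __name__ == "__main__":
    for name, (line, changed) in run_samples().items():
        print(f"{name:34} changed={changed}  {line!r}")
```

Only the two lines that carry the NATed host's private address are rewritten; the passive reply seen by a NATed client passes through untouched, which is why passive FTP-TLS can still work from behind client-side NAT.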