On Mon, Apr 15, 2013 at 02:50:23PM +0400, Lev Serebryakov wrote: > KP> I'm however talking about an ftp client behind a very restrictive > KP> firewall making an IPv6 connection an ftp server that uses passive > KP> mode data ports that can't be known in advance. > Same solution -- inspection of connections to 21 port, without any > address translation. And if FTP server uses non-standard control > port, yes, here is a problem, but it cannot be solved with NAT too > (or your NAT/firewall should expect each and every connection for FTP > commands, which is heavy and error-prone task).
Not heavy. But error-prone, yes. _______________________________________________ freebsd-current@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-current To unsubscribe, send any mail to "freebsd-current-unsubscr...@freebsd.org"
