D-Link DFL-2500 User Guide - Page 167
FTP Connections
148 Chapter 18. Application Layer Gateway (ALG)

18.2 FTP

The File Transfer Protocol (FTP) is a TCP/IP-based protocol for exchanging files between a client and a server. The client initiates the connection by connecting to the FTP server. Normally the client needs to authenticate itself by providing a predefined login and password. After granting access, the server provides the client with a file/directory listing from which it can download or upload files (depending on access rights). The FTP ALG is used to manage FTP connections through the firewall.

18.2.1 FTP Connections

FTP uses two communication channels, one for control commands and one for the actual files being transferred. When an FTP session is opened, the FTP client establishes a TCP connection (the control channel) to port 21 (by default) on the FTP server. What happens after this point depends on the mode of FTP being used.

Modes

There are two modes, active and passive, describing the role of the server with respect to opening the data channel.

In active mode, the FTP client sends a command to the FTP server indicating what IP address and port the server should connect to. The FTP server establishes the data channel back to the FTP client using the received address information.

In passive mode, the data channel is opened by the FTP client to the FTP server, just like the control channel. This is the recommended default mode for FTP clients, according to the "firewall-friendly FTP" RFC.

Security Issues

Both modes of FTP operation present problems for firewalls. Consider a scenario where an FTP client on the internal network connects through the firewall to an FTP server on the Internet. The IP rule in the firewall is then configured to allow network traffic from the FTP client to port 21 on the FTP server.

D-Link Firewalls User's Guide
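As an added example (not code from the D-Link guide), the control-channel parsing an FTP ALG has to perform to learn which data channel to expect in each mode: the client's PORT command in active mode and the server's 227 reply in passive mode. The address-match and low-port rejection checks are assumptions about what a careful ALG does, not behaviour the guide describes.

```python
import re
from dataclasses import dataclass

# Added example (not from the D-Link guide): the control-channel parsing an
# FTP ALG performs to learn which data connection to expect in each mode.
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.I)
PASV_RE = re.compile(r"^227\s.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

@dataclass(frozen=True)
class DataChannel:
    mode: str        # "active" or "passive"
    initiator: str   # side that opens the TCP data connection
    address: str     # IP address the initiator must connect to
    port: int

def _decode(groups):
    """h1,h2,h3,h4,p1,p2 -> ("h1.h2.h3.h4", p1*256 + p2)."""
    h1, h2, h3, h4, p1, p2 = (int(g) for g in groups)
    if any(x > 255 for x in (h1, h2, h3, h4, p1, p2)):
        raise ValueError("octet out of range in h1,h2,h3,h4,p1,p2 encoding")
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def parse_port_command(line, client_ip):
    """Client -> server PORT (active mode): the server connects back to the
    advertised address, so the ALG must open a pinhole server -> client."""
    m = PORT_RE.match(line)
    if not m:
        return None
    ip, port = _decode(m.groups())
    # Assumed ALG check: only accept an address on the connection's own peer.
    if ip != client_ip or port < 1024:
        raise ValueError(f"PORT address {ip}:{port} rejected for client {client_ip}")
    return DataChannel("active", "server", ip, port)

def parse_pasv_response(line, server_ip):
    """Server -> client 227 reply (passive mode): the client connects to the
    advertised address, so the ALG opens a pinhole client -> server."""
    m = PASV_RE.match(line)
    if not m:
        return None
    ip, port = _decode(m.groups())
    if ip != server_ip or port < 1024:
        raise ValueError(f"PASV address {ip}:{port} rejected for server {server_ip}")
    return DataChannel("passive", "client", ip, port)

if __name__ == "__main__":
    # Constructed control-channel lines, not captured traffic.
    print(parse_port_command("PORT 192,168,1,10,4,1", "192.168.1.10"))
    print(parse_pasv_response("227 Entering Passive Mode (203,0,113,5,195,80)", "203.0.113.5"))
```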