beautypg.com

N in, Figure 260 – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 304

background image

283

Figure 260 ALG-enabled FTP application in passive mode

The communication process includes the following steps:

1.

Establishing a control connection.
The host sends a TCP connection request to the server. If a TCP connection is established, the server
and the host enter the user authentication stage.

2.

Authenticating the user.
The host sends to the server an authentication request, which contains the FTP commands (user and
password) and the contents.
When the request passes through the ALG-enabled device, the commands in the payload of the
packet are resolved and used to check whether the protocol state transition is correctly proceeding.

If not, the request will be dropped. In this way, ALG protects the server against clients that send
packets with state errors or log in to the server with unauthorized user accounts.
An authentication request with the correct state is forwarded by the ALG-enabled device to the
server, which authenticates the host according to the information in the packet.

3.

Establishing a data connection.
If the host passes the authentication, a data connection is established between the host and the
server. If the host is accessing the server in passive mode, the server sends to the host a PASV

response by using its private network address and port number (IP1, Port1). When the response

arrives at the ALG-enabled device, the device resolves the packet and translates the server's

private network address and port number into the server's public network address and port
number (IP2, Port2). Then, the device uses the public network address and port number to establish

a data connection with the host.

4.

Exchanging data.
The host and the FTP server exchange data through the established data connection.

Inside network

Outside network

FTP server

Host

Device

FTP-ALG enabled

NAT

FTP_CMD(“PASV”)

FTP_CMD(“PASV”)

FTP_EnterPassive(“IP1, Port1”)

ALG

IP1, Port1-------

>

IP2, Port2

FTP_EnterPassive(“IP2, Port2”)

FTP_Connet(IP2, Port2)

FTP_Connet(IP1, Port1)

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: