Enabling ALG, ALG configuration examples, FTP ALG configuration example – H3C Technologies H3C SecPath F1000-E User Manual

If the host passes authentication, a data connection is established between it and the server. Note that if the host accesses the server in passive mode, the data connection process is different. In passive mode, the server sends the host a PASV response containing its private network address and port number (IP1, Port1). When the response arrives at the ALG-enabled device, the device parses the packet and translates the server’s private network address and port number into the server’s public network address and port number (IP2, Port2) respectively. The device then uses the public network address and port number to establish a data connection with the host.

4. Exchanging data

The host and the FTP server exchange data through the established data connection.
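The passive-mode translation in step 3, worked through as an added example (it is not code from the manual or from H3C): it parses the server's 227 reply, looks up (IP1, Port1) in a NAT table and rewrites the payload to (IP2, Port2). The two IP addresses are the ones used in this page's FTP example; the port numbers, the sample reply and the names `NAT_MAP`, `parse_pasv` and `rewrite_pasv` are constructed for illustration.

```python
import re

# 227 reply per RFC 959: "227 <text> (h1,h2,h3,h4,p1,p2)<tail>"
PASV_RE = re.compile(r"^(227 [^(]*\()(\d{1,3}(?:,\d{1,3}){5})(\).*)$", re.S)

# Constructed mapping: (IP1, Port1) -> (IP2, Port2). The two IP addresses are
# the ones in this page's FTP example; the ports are invented for the demo.
NAT_MAP = {("192.168.1.2", 50001): ("5.5.5.10", 60001)}

# Constructed sample of the server's reply as it leaves the inside network.
SAMPLE = "227 Entering Passive Mode (192,168,1,2,195,81).\r\n"


def parse_pasv(line):
    """Return (ip, port) advertised in a 227 reply, or None if not a valid one."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(2).split(",")]
    if any(n > 255 for n in nums):
        return None
    # The port is carried as two decimal bytes: p1 * 256 + p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def rewrite_pasv(line, nat_map):
    """Rewrite the endpoint in a 227 reply; return (new_line, length_delta).

    Lines that are not PASV replies, or whose endpoint has no mapping, pass
    through unchanged. A non-zero delta is why a real ALG also has to adjust
    TCP sequence/acknowledgement numbers on the control connection.
    """
    endpoint = parse_pasv(line)
    if endpoint is None or endpoint not in nat_map:
        return line, 0
    pub_ip, pub_port = nat_map[endpoint]
    fields = pub_ip.split(".") + [str(pub_port >> 8), str(pub_port & 0xFF)]
    m = PASV_RE.match(line)
    new_line = m.group(1) + ",".join(fields) + m.group(3)
    return new_line, len(new_line) - len(line)


if __name__ == "__main__":
    print(rewrite_pasv(SAMPLE, NAT_MAP))
```

The rewrite depends on the device reading the control channel, so it applies only where the 227 reply crosses the device unencrypted.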

Enabling ALG

Follow these steps to enable ALG:

To do...            Use the command...                                                                                                 Remarks
Enter system view   system-view
Enable ALG          alg { all | dns | ftp | gtp | h323 | ils | msn | nbt | pptp | qq | rtsp | sccp | sip | sqlnet | tftp | xdmcp }   Optional. Enabled for all protocols by default.

ALG Configuration Examples

NOTE: The following examples describe only ALG-related configurations, assuming that other required configurations on the server and client have been done.

FTP ALG Configuration Example

Network requirements

As shown in Figure 2, a company accesses the Internet through a device with NAT and ALG enabled. The company provides FTP services to the outside. The inside network segment of the company is 192.168.1.0/24, and the IP address of the FTP server is 192.168.1.2. You need to configure NAT and ALG to meet the following requirements:

- The host in the outside network can access the FTP server in the inside network.
- The company has four public network addresses: 5.5.5.1, 5.5.5.9, 5.5.5.10, and 5.5.5.11, and the FTP server uses the public network address of 5.5.5.10 to provide services to the outside.