dslreports logo
 
    All Forums Hot Topics Gallery
spc
uniqs
13

nwrickert
Mod
join:2004-09-04
Geneva, IL

nwrickert to spi

Mod

to spi

Re: Is it safe to disable router's firewall?

SPI is not enough for active FTP. Rather, the router must monitor the data part of the packets to see what port is agreed to, create a special entry in its NAT table to handle that connection, and appropriately modify that data packet. Most home routers are designed to handle this.

Passive FTP will work without difficulty through a NAT router as long as no output blocking is being done.

If the FTP server is behind the NAT router, things are more complex and some home routers won't handle it properly.

spi
@66.128.17.x

spi

Anon

I think that actually depends on who you ask. A lot of companies like to market it as a fixup, inspect, alg, etc. According to wiki it is part of SPI. I do agree with you though. Deep packet inspection must be done to determine this. We are on the same page and at the basic level I am sure you explain it much better than I do. It appears some think that NAT does deep packet inspection to know how to handle these types of traffic however if you go by true network definitions NAT does not do this type of inspection. As you said the NAT table may be updated but NAT itself is not responsible for the actual intelligence.