[ Charset ISO-8859-1 unsupported, converting... ] > * When using IPfilter FTP proxy and NAT, does IPfilter > have the ability to translate the IP address and port > numbers that are embedded in the FTP payload?
Yes. > * Does the FTP proxy (or any other application proxy > that ipfilter supports) run as a "true" proxy(i.e. > terminate the TCP or UDP connection from the client > and initiate a new TCP or UDP connection to the > server)? No, but you can compile software to work like that. > * If the FTP proxy doesn't run in "true" proxy mode, > does ipfilter reassemble non-local (ie strictly > transit) TCP packets to parse the complete FTP header > and relevant payload? No, but what it does do is force the TCP control stream to be in-order (out of order data is dropped, it'll be retransmitted later) and it buffers data from successive packets to build up commands. However, it's built around the idea of providing NAT services to clients, where you're unlikely to see "bad data" because if you do, it won't work. Darren
