Re: [nsp] Regarding CBAC

From: Bradley Dunn (bradley@dunn.org)
Date: Tue Aug 22 2000 - 19:54:00 EDT


On Tue, Aug 22, 2000 at 09:27:59AM +0530, RSMANI wrote:
> ip inspect name myrule tcp
> ip inspect name myrule udp
> ip inspect name myrule ftp
> ip inspect name myrule H323

> In the above, does the IP INSPECT NAME MYRULE FTP mean active FTP (where the port number for the data connection can be any number beyond 1024) or only passive FTP, where we have port 21 for control and 20 for data?

The FTP keyword covers both. You only need it for active FTP, though,
because passive FTP would be covered by the generic TCP keyword.

BTW, your definition of passive vs. active is wrong.
Active FTP:
client.high -> server.21 (client initiates control)
server.20 -> client.high (server initiates data)

Passive FTP:
client.high -> server.21 (client initiates control)
client.high -> server.high (client initiates data)
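To make the distinction above concrete, here is an added example (not from Bradley's reply or from Cisco's CBAC code) that does what an FTP-aware inspection engine must do: read the control channel, decode the PORT command or the 227 PASV reply, and work out which side will open the data connection. A data connection initiated by the server (active mode) is the case that generic TCP session tracking cannot anticipate, so it is flagged as needing the ftp keyword. The client and server addresses and the control-channel lines are constructed sample values.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

@dataclass(frozen=True)
class DataChannel:
    mode: str                   # "active" or "passive"
    initiator: str              # address that opens the data connection
    initiator_port: Optional[int]   # 20 for active; ephemeral (None) for passive
    target: str                 # address the data connection goes to
    target_port: int
    needs_ftp_inspect: bool     # True when generic "ip inspect ... tcp" would not track it

# Client -> server: "PORT h1,h2,h3,h4,p1,p2" announces where the server should connect.
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
# Server -> client: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" announces where the client should connect.
PASV_RE = re.compile(r"^227 .*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def _decode(fields: Tuple[str, ...]) -> Tuple[str, int]:
    """Turn the six comma-separated decimal fields into (dotted address, port)."""
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError(f"malformed address/port fields: {fields}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def predict_data_channels(control_lines: Iterable[str], client_ip: str, server_ip: str) -> List[DataChannel]:
    """Scan the FTP control channel and return the data connections it negotiates."""
    channels: List[DataChannel] = []
    for line in control_lines:
        m = PORT_RE.match(line)
        if m:
            addr, port = _decode(m.groups())
            # Only open a pinhole back to the client itself, never to a third host.
            if addr != client_ip:
                raise ValueError(f"PORT names {addr}, not the client {client_ip}; refusing pinhole")
            # Active: server.20 -> client.high, a session the server initiates.
            channels.append(DataChannel("active", server_ip, 20, addr, port, True))
            continue
        m = PASV_RE.match(line)
        if m:
            addr, port = _decode(m.groups())
            if addr != server_ip:
                raise ValueError(f"227 names {addr}, not the server {server_ip}; refusing pinhole")
            # Passive: client.high -> server.high, initiated by the client like any outbound TCP session.
            channels.append(DataChannel("passive", client_ip, None, addr, port, False))
    return channels
```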



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:12:15 EDT