Zbig DD-WRT Novice
Joined: 29 Sep 2009 Posts: 7
Posted: Sat Aug 04, 2012 22:33 Post subject: How come inbound passive FTP connections work?
Now, it may seem weird but I'm puzzled by this and I'd actually like to know why something works for me while I genuinely believed it shouldn't.
So, I have a WRT320 running build 14896. I've set up FileZilla Server on a LAN machine, set up a Windows Firewall exception and made a single forwarding for port 21. What I expected after that was some fighting with the PASV port range, but it proved unnecessary as my first test from the outside just worked. The server picked some incoming port and the FTP client on the outside was somehow just able to connect there. I didn't enable DMZ. Then, out of curiosity, I switched the SPI firewall off - still worked. Finally, I was able to break it by changing the FTP server's listening port (and the forwarding rule's target port). So my question is: where does the magic happen? As I imagine, there has to be some hardcoded rule which deep-inspects everything going to port 21 for the FTP 227 message, then does some math and finally makes a temporary firewall opening/port forward? Are there other automagical features like this?
Best regards
Zbig
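The mechanism the post guesses at, sketched as an added example (not part of the original post, and not DD-WRT or netfilter code): a toy model of an FTP-aware NAT helper of the kind Linux provides in `nf_conntrack_ftp`/`nf_nat_ftp`, which this sketch assumes is what the router runs. The class, its method names and the addresses are constructed for illustration.

```python
import re

# PASV reply per RFC 959: "227 <text> (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(rb"^227 [^\r\n(]*\(" + rb",".join([rb"(\d{1,3})"] * 6) + rb"\)")


class FtpNatHelper:
    """Toy model (hypothetical names) of a NAT helper watching the FTP control channel."""

    def __init__(self, wan_ip, control_port=21):
        self.wan_ip = wan_ip
        self.control_port = control_port  # only this port is inspected
        self.expected = {}                # WAN port -> (LAN ip, LAN port)

    def on_server_reply(self, lan_ip, lan_port, line):
        """Inspect one control-channel line sent by the LAN server; return the line to forward."""
        if lan_port != self.control_port:
            return line                   # server moved off port 21: nothing is parsed
        m = PASV_RE.match(line)
        if not m:
            return line
        nums = [int(g) for g in m.groups()]
        if max(nums) > 255:
            return line                   # malformed octet, leave untouched
        if ".".join(map(str, nums[:4])) != lan_ip:
            return line                   # never open a pinhole to a third host
        port = nums[4] * 256 + nums[5]    # the "math": p1*256 + p2
        self.expected[port] = (lan_ip, port)
        wan = self.wan_ip.replace(".", ",").encode()
        return b"227 Entering Passive Mode (%s,%d,%d)\r\n" % (wan, port >> 8, port & 0xFF)

    def on_inbound_syn(self, wan_port):
        """Return the one-shot forward target for a new inbound connection, or None."""
        return self.expected.pop(wan_port, None)


# Constructed sample traffic (documentation addresses)
if __name__ == "__main__":
    nat = FtpNatHelper("203.0.113.5")
    reply = b"227 Entering Passive Mode (192,168,1,10,195,80)\r\n"
    print(nat.on_server_reply("192.168.1.10", 21, reply))
    print(nat.on_inbound_syn(50000), nat.on_inbound_syn(50000))
```

The temporary opening is consumed by the first matching connection, and a server listening on any port other than the inspected one gets no rewrite and no opening, which matches the breakage described in the post.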