Monday, May 04, 2009

A song dedicated to molly

An idea came out in my big head just now. I wish I could dedicate a song to Molly for her angel face.

Monday, April 13, 2009

A big issue with the "Application Layer Gateway Service" when making a NAT from Routing and Remote Access management in Windows 2008

As we know, "Application Layer Gateway Service" is a service that "Gives support for application-level protocol plug-ins and enables network connectivity." It is a useless service in some situations, such as when the firewall integrated in Windows (later than Windows XP) is disabled. Generally, the service is stopped along with the firewall when the firewall is disabled. But this does not hold in Windows 2008, where the service can still be enabled even if the firewall has been disabled. Because of this, I almost lost control of network management.

Let me reproduce the situation:
First, I will state the requirement:
Make a NAT (network address translation) in "Routing and Remote Access" from the Control Panel in Windows 2008. (You can google it to find a quick tutorial.)
Second, I will show the issue step by step:
1. Enable "Application Layer Gateway Service" with the firewall (integrated in Windows 2008) disabled. Please check it as follows:

2. Install and configure the client machine with an internet connection through the NAT. (It depends on your OS; I chose FreeBSD as the example.)
3. Surf the internet with various protocols (such as HTTP, FTP, SSH, and Telnet), and you will find that all the protocols can pass through the NAT except FTP. (It is a big issue!!!)
I need FTP access in network management, so how do I handle it? Let's go to the next step.

4. Disable "Application Layer Gateway Service" with the firewall (integrated in Windows 2008) disabled. Please check it as follows:

5. Surf the internet with various protocols (such as HTTP, FTP, SSH, and Telnet), and you will find that all the protocols can now pass through the NAT.

The big issue is resolved by this action.

Analysis
Let me analyze the FTP protocol for you first:
Please look at the picture first:


It is a diagram of the FTP protocol. Generally, FTP has two modes in software implementations, active and passive. In both modes each FTP session takes up two ports: 21 and 20 in active mode, or 21 and a high port such as 1728 in passive mode. After "Application Layer Gateway Service" is enabled, the system inspects the FTP data seen by its TCP monitor and blocks or filters the FTP requests according to the result of that analysis.
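The two-channel behaviour described above, as an added example that is not from the original post: a small Python parser that extracts the data-channel endpoint an FTP ALG has to find inside the control stream (the client's PORT command in active mode, the server's 227 reply in passive mode) and flags the case where a NAT must rewrite it. The sample session is constructed; the FreeBSD client address 192.168.1.10 and the server address 203.0.113.5 are assumptions.

```python
import ipaddress, re
from dataclasses import dataclass
from typing import Optional

@dataclass
class DataChannel:
    mode: str   # "active" (client sent PORT) or "passive" (server replied 227)
    host: str   # IPv4 address announced inside the control channel
    port: int   # TCP port announced inside the control channel (p1*256 + p2)

# Client: "PORT h1,h2,h3,h4,p1,p2"; server: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)".
_PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$", re.IGNORECASE)
_PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_control_line(line: str) -> Optional[DataChannel]:
    """Return the data-channel endpoint announced by one control-channel line, else None."""
    line = line.strip()
    for mode, rx in (("active", _PORT_RE), ("passive", _PASV_RE)):
        m = rx.match(line)
        if not m:
            continue
        nums = [int(g) for g in m.groups()]
        port = nums[4] * 256 + nums[5]
        if max(nums) > 255 or port == 0:   # malformed encoding: treat as no announcement
            return None
        return DataChannel(mode, ".".join(map(str, nums[:4])), port)
    return None

def scan_session(lines: list) -> list:
    """Walk a captured control session ('C: ' client lines, 'S: ' server lines)."""
    cleaned = (raw[3:] if raw[:3] in ("C: ", "S: ") else raw for raw in lines)
    return [ch for ch in map(parse_control_line, cleaned) if ch]

def needs_nat_rewrite(ch: DataChannel, inside_net: str) -> bool:
    """An active-mode PORT carrying an inside (private) address only works if the NAT
    rewrites it to the public address and opens the matching pinhole: the ALG's job."""
    return ch.mode == "active" and ipaddress.ip_address(ch.host) in ipaddress.ip_network(inside_net)

# Constructed sample: FreeBSD client 192.168.1.10 behind the Win2008 NAT talking to 203.0.113.5.
SAMPLE_SESSION = [
    "C: PORT 192,168,1,10,6,192",
    "S: 200 PORT command successful.",
    "C: PASV",
    "S: 227 Entering Passive Mode (203,0,113,5,195,80).",
]

if __name__ == "__main__":
    for ch in scan_session(SAMPLE_SESSION):
        print(ch, "-> NAT rewrite needed" if needs_nat_rewrite(ch, "192.168.1.0/24") else "")
```

Running it shows the active-mode PORT announcing 192.168.1.10:1728, which the NAT must translate, while the passive 227 reply names the server's own address and port and passes through untouched.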

Conclusion
"Application Layer Gateway Service" will be a "poisonous" service in some situations, so please stop it when the service you actually need (FTP through the NAT, in my case) is blocked by it.