Vyatta Network OS Documentation

Learn how to install, configure and operate the Vyatta NOS, which helps drive our virtual networking & physical platforms portfolio.

Show Page Sections

ALG protocol types

The different types of protocol that the Vyatta NOS ALGs support are detailed in this section.


File Transfer Protocol (FTP) is a file transfer protocol that allows FTP clients from inside the private side of a NAT boundary to operate as expected with an FTP server located on the public side.

The FTP protocol includes both active and passive data transfers. An active data transfer means that the transfer is initiated from the FTP server back to the FTP client. A passive data transfer means that the FTP client initiates the transfer to the FTP server. The Vyatta NOS ALG protocol automatically supports both the FTP transfer modes.

The FTP data sessions are automatically linked to the FTP control session.


Internet Control Management Protocol (ICMP) and Internet Control Management Protocol version 6 (ICMPv6) is an error-reporting and message-control protocol that network devices use to report problems in IP packet delivery.

The ICMP ALG protocol allows ICMP and ICMPv6 packets to traverse from the public side of NAT back to the private side.


Point-to-Point Tunneling Protocol (PPTP) is a method for providing virtual private networks.

The Vyatta NOS PPTP ALG protocol provides a mechanism for establishing sessions that are associated with PPTP.


Remote Procedure Call (RPC) is a protocol that enables various RPC services to establish session relationships between related packet flows of applications.

The RPC Application Layer Gateway (ALG) protocol is automatically configured with several NFS program numbers to enable an NFS client from the private side of a NAT to access an NFS server on the public side. The following table lists the default RPC programs.

Table 1. Default RPC programs

You can enable additional RPC programs by adding those program numbers to the RPC ALG configuration. A complete listing of RPC program numbers can be found in /etc/rpc in your Vyatta router.

To enable RPC programs that are not included in the default list, use this command:
set system alg rpc program <number>

If you explicitly configure an additional ALG RPC program, the configuration automatically deletes the default programs.

Therefore, if you require the default programs as well as additional programs, you must explicitly configure those programs as well as the desired additional programs with this command:

set system alg rpc program <number>

No show exists to display the active RPC programs.


The RPC ALG runs on port 111. You cannot change this port number.

You can find a full list of RPC programs that can run on port 111 at https://www.iana.org/assignments/rpc-program-numbers/rpc-program-numbers.xhtml.


Remote Shell (RSH) is a highly insecure and aged protocol that enables a remote user to run shell-level commands on a computer system.

The protocol includes a port string that is used for stderr output,. As a result the RSH protocol does not work correctly in a NAT environment unless this string is properly recognized and translated. The RSH ALG protocol on Vyatta NOS correctly recognizes RSH streams and performs the appropriate operations on the packets to enable RSH to work in both SNAT and DNAT configurations.

On some operating systems, the RSH services make use of the IDENT (RFC-1413) identification protocol. IDENT uses text-based messages to determine the identity of the user of a particular TCP connection. RSH ALG also includes support for correctly translating these messages.


Session Initiation Protocol (SIP) provides signaling capabilities for multimedia communication sessions.

Common SIP applications include Internet telephony (both audio and video calls) and instant messaging.

The Vyatta NOS SIP ALG protocol provides network address and port translation for both SIP request and response messages that are originating from the private side of NAT to the public side.

SIP media packet flows generally use the Realtime Transport Protocol (RTP) over the UDP IP protocol for multimedia sessions. The SIP ALG automatically detects these multimedia sessions and links them to the SIP control session.

The SIP ALG correctly manages up to eight media sessions in a single SIP invitation request. A limit of 400 outstanding invitation requests exists at any given time.


Trivial File Transfer Protocol (TFTP) is a file transfer protocol that allows a client to either get or put a file onto a remote host.

The Vyatta NOS TFTP ALG protocol allows a TFTP client on the private side of NAT to access a TFTP server on the public side.

The TFTP data sessions are automatically linked to the TFTP control session.