Skip site navigation (1)Skip section navigation (2) 
Date:      Sat, 19 Feb 2000 21:38:49 -0500
From:      "Crist J. Clark" <cjc@cc942873-a.ewndsr1.nj.home.com>
To:        Charles Mott <cmott@scientech.com>
Cc:        questions@FreeBSD.ORG
Subject:   Re: Redirecting/mapping ports to a local machine... help!
Message-ID:  <20000219213848.H60348@cc942873-a.ewndsr1.nj.home.com>
In-Reply-To: <Pine.LNX.4.10.10002191856540.22579-100000@if.scientech.com>; from cmott@scientech.com on Sat, Feb 19, 2000 at 07:05:27PM -0700
References:  <20000219203204.G60348@cc942873-a.ewndsr1.nj.home.com> <Pine.LNX.4.10.10002191856540.22579-100000@if.scientech.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Sat, Feb 19, 2000 at 07:05:27PM -0700, Charles Mott wrote:
> On Sat, 19 Feb 2000, Crist J. Clark wrote:
> > This is a server issue not a client issue. An ftp client can do
> > passive ftp from behind a NAT box. However, active ftp would not
> > work.
> 
> This is not correct.  There is specific code in the
> packet aliasing library used by natd for handling "active"
> (i.e. non-passive) connections.  Essentially, the packet
> aliasing code looks for a PORT command in the control
> stream and then sets up a back-channel to wait for the
> port 20 control connection from the ftp server.
> 
> Many people use ftp in non-passive mode from behind natd
> without any problems.

Many people get lucky then. From the alias_ftp.c source,

    For this routine to work, the PORT command must fit entirely
    into a single TCP packet.  This is typically the case, but exceptions
    can easily be envisioned under the actual specifications.

> > Use of a control channel and a data channel is a basic part of the ftp
> > protocol. See RFC 959. Unimplemented RFC 2428 might be interesting too.

But we need to point out that the this special handling of FTP by NAT
is for _clients_ behind the NAT box only, not servers.
-- 
Crist J. Clark                           cjclark@home.com


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20000219213848.H60348>