Date:      Fri, 1 Aug 1997 00:40:16 -0600 (MDT)
From:      Charles Mott <cmott@srv.net>
To:        Brian Somers <brian@awfulhak.org>
Cc:        Ruslan Ermilov <ru@ucb.crimea.ua>, FreeBSD Questions <questions@FreeBSD.ORG>
Subject:   Re: NATD -use_sockets option question 
Message-ID:  <Pine.BSF.3.91.970801001513.4657B-100000@darkstar>
In-Reply-To: <199708010041.BAA18379@awfulhak.org>

> > I don't understand the {FTP data connection} and {partially specified links}
> > relationship. What is it? Please, explain.

Some more explanation than my last reply.  Warning: this is going to be
confusing. 

When an FTP client sets up a data connection in the standard non-passive
mode (to transfer a file or get a directory listing), the client actually
has to wait for the server to establish the connection.  This causes some
extra work for the packet aliasing engine which has to intercept and
modify the PORT command and then wait for the data connection, which is
separate from the control connection, to be established.  The "partially
specified link" is an internal construct set up by the packet aliasing
engine to wait for the data connection from a known IP address but 
unknown port, hence the term partially specified.  The data connection
should be initiated from port 20 on the remote side, but this is not 
always the case.

In the normal mode of operation, the packet aliasing engine monitors 
traffic and sets up aliasing links, which are address/port relationships 
between the local, aliasing and remote machines.  In the case of waiting 
for an FTP data connection, no actual traffic has passed, so there could 
be a port conflict with the host machine unless socket() is called to 
reserve an unused port number.  As soon as the remote machine establishes 
the data connection, there is no additional need to reserve the port with 
a dummy socket.

In the case where the natd machine is acting purely as a router, and
people are not using it as an FTP or IRC client, the use_sockets option
does not need to be set.  This should improve efficiency.  Also, if local
machines are being aliased to one or more addresses that are _distinct_
from the natd address, then this option can be disabled, since there is no
possibility of conflict with the host machine. 

I'm sorry, but I don't know how to make this explanation more clear. 

Charles Mott
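
An added example, not part of the original message and not taken from natd or the packet aliasing library: a C sketch of the two steps described above, reserving a port on the aliasing host with a dummy socket and rewriting the client's PORT command to advertise it. The function names reserve_port and rewrite_port are hypothetical, and all addresses are constructed.

```c
/* Added example, not natd or packet aliasing source; names are hypothetical. */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hold `port` (0 = kernel picks) with a dummy TCP socket so nothing on the
 * NAT host can claim it while the data connection is pending. Returns fd. */
int reserve_port(unsigned short port, unsigned short *got) {
    /* Unset fields are zeroed, so sin_addr is INADDR_ANY. */
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) };
    socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    *got = ntohs(sa.sin_port);
    return fd;
}

/* Rewrite "PORT h1,h2,h3,h4,p1,p2\r\n" to carry the alias address octets and
 * the reserved port. Returns 0, or -1 if the command is malformed. */
int rewrite_port(const char *in, const unsigned char alias[4],
                 unsigned short aport, char *out, size_t outlen) {
    unsigned v[6];
    int i, n = 0;
    if (sscanf(in, "PORT %u,%u,%u,%u,%u,%u%n", &v[0], &v[1], &v[2], &v[3],
               &v[4], &v[5], &n) != 6 || strcmp(in + n, "\r\n") != 0)
        return -1;
    for (i = 0; i < 6; i++)
        if (v[i] > 255) return -1;      /* every field is a single octet */
    n = snprintf(out, outlen, "PORT %d,%d,%d,%d,%d,%d\r\n", alias[0], alias[1],
                 alias[2], alias[3], aport >> 8, aport & 255);
    return (n > 0 && (size_t)n < outlen) ? 0 : -1;
}

int main(void) {
    const unsigned char alias[4] = {203, 0, 113, 7};   /* constructed */
    unsigned short aport;
    char out[64];
    int fd = reserve_port(0, &aport);
    if (fd < 0 || rewrite_port("PORT 192,168,1,5,4,1\r\n", alias, aport, out, 64))
        return 1;
    printf("reserved %d, rewritten: %s", aport, out);
    return close(fd);   /* released once the server has connected */
}
```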


