Date: Fri, 1 Aug 1997 00:40:16 -0600 (MDT)
From: Charles Mott
To: Brian Somers
cc: Ruslan Ermilov, FreeBSD Questions
Subject: Re: NATD -use_sockets option question
In-Reply-To: <199708010041.BAA18379@awfulhak.org>

> > I don't understand the {FTP data connection} and {partially specified links}
> > relationship. What is it? Please, explain.

Some more explanation than my last reply. Warning: this is going to be confusing.

When an FTP client sets up a data connection in the standard non-passive mode (to transfer a file or get a directory listing), the client actually has to wait for the server to establish the connection. This causes some extra work for the packet aliasing engine, which has to intercept and modify the PORT command and then wait for the data connection, which is separate from the control connection, to be established.

The "partially specified link" is an internal construct set up by the packet aliasing engine to wait for the data connection from a known IP address but unknown port, hence the term partially specified. The data connection should be initiated from port 20 on the remote side, but this is not always the case.

In the normal mode of operation, the packet aliasing engine monitors traffic and sets up aliasing links, which are address/port relationships between the local, aliasing and remote machines. In the case of waiting for an FTP data connection, no actual traffic has passed, so there could be a port conflict with the host machine unless socket() is called to reserve an unused port number. As soon as the remote machine establishes the data connection, there is no additional need to reserve the port with a dummy socket.

In the case where the natd machine is acting purely as a router, and people are not using it as an FTP or IRC client, the use_sockets option does not need to be set. This should improve efficiency.

Also, if local machines are being aliased to one or more addresses that are _distinct_ from the natd address, then this option can be disabled, since there is no possibility of conflict with the host machine.

I'm sorry, but I don't know how to make this explanation more clear.

Charles Mott
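
The mechanism described in the message above, as an added example that is not part of the original message and is not code from natd or the packet aliasing library. The struct, the function names and the use of 0 for "port unknown" are hypothetical; the sketch models one link waiting for an FTP data connection and the dummy socket that holds its port on the host.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical model of one aliasing link (not the library's real struct). */
struct pending_link {
    uint32_t remote_addr; /* known from the FTP control connection */
    uint16_t remote_port; /* 0 = unknown, i.e. "partially specified" */
    uint16_t alias_port;  /* port placed in the rewritten PORT command */
    int sockfd;           /* dummy socket holding alias_port, -1 if none */
};

/* Reserve a port on the host by binding a dummy socket (port 0 lets the
 * kernel choose one). Returns 0, or -1 if the port is already taken. */
int link_reserve(struct pending_link *l, uint32_t remote_addr, uint16_t port)
{
    struct sockaddr_in sa;
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof(sa));
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);
    sa.sin_port = htons(port);
    if (bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        close(fd);
        return -1;
    }
    l->remote_addr = remote_addr; l->remote_port = 0;
    l->alias_port = ntohs(sa.sin_port); l->sockfd = fd;
    return 0;
}

/* First packet of the data connection: match on address and alias port only,
 * record the remote port (not assumed to be 20), release the dummy socket. */
int link_complete(struct pending_link *l, uint32_t src, uint16_t sport, uint16_t dport)
{
    if (l->remote_port != 0 || src != l->remote_addr || dport != l->alias_port)
        return 0;
    l->remote_port = sport;
    if (l->sockfd >= 0) { close(l->sockfd); l->sockfd = -1; }
    return 1;
}
```

While the link is pending, a second `link_reserve()` on the same port fails, which is the host-side conflict the dummy socket is there to prevent.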