From owner-freebsd-questions Sat Feb 19 18:33:38 2000
Delivered-To: freebsd-questions@freebsd.org
Received: from cc942873-a.ewndsr1.nj.home.com (cc942873-a.ewndsr1.nj.home.com [24.2.89.207])
	by hub.freebsd.org (Postfix) with ESMTP id 42E6B37BCF8
	for ; Sat, 19 Feb 2000 18:33:35 -0800 (PST)
	(envelope-from cjc@cc942873-a.ewndsr1.nj.home.com)
Received: (from cjc@localhost)
	by cc942873-a.ewndsr1.nj.home.com (8.9.3/8.9.3) id VAA62239;
	Sat, 19 Feb 2000 21:38:49 -0500 (EST)
	(envelope-from cjc)
Date: Sat, 19 Feb 2000 21:38:49 -0500
From: "Crist J. Clark"
To: Charles Mott
Cc: questions@FreeBSD.ORG
Subject: Re: Redirecting/mapping ports to a local machine... help!
Message-ID: <20000219213848.H60348@cc942873-a.ewndsr1.nj.home.com>
Reply-To: cjclark@home.com
References: <20000219203204.G60348@cc942873-a.ewndsr1.nj.home.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 1.0i
In-Reply-To: ; from cmott@scientech.com on Sat, Feb 19, 2000 at 07:05:27PM -0700
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

On Sat, Feb 19, 2000 at 07:05:27PM -0700, Charles Mott wrote:
> On Sat, 19 Feb 2000, Crist J. Clark wrote:
> > This is a server issue not a client issue. An ftp client can do
> > passive ftp from behind a NAT box. However, active ftp would not
> > work.
>
> This is not correct. There is specific code in the
> packet aliasing library used by natd for handling "active"
> (i.e. non-passive) connections. Essentially, the packet
> aliasing code looks for a PORT command in the control
> stream and then sets up a back-channel to wait for the
> port 20 control connection from the ftp server.
>
> Many people use ftp in non-passive mode from behind natd
> without any problems.

Many people get lucky then. From the alias_ftp.c source,

    For this routine to work, the PORT command must fit entirely
    into a single TCP packet. This is typically the case, but
    exceptions can easily be envisioned under the actual
    specifications.

> > Use of a control channel and a data channel is a basic part of the ftp
> > protocol. See RFC 959.

Unimplemented RFC 2428 might be interesting too. But we need to point
out that this special handling of FTP by NAT is for _clients_ behind
the NAT box only, not servers.
-- 
Crist J. Clark                           cjclark@home.com
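
The single-packet limitation quoted from alias_ftp.c above, as an added example that is not part of the original message and is not libalias code: the hypothetical `rewrite_port_segment` rewrites a PORT command only when one TCP segment carries it whole, so a command split across two segments passes through with the private address intact. The addresses and port number are constructed sample values.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical per-packet rewriter for "PORT h1,h2,h3,h4,p1,p2\r\n" (RFC 959).
 * Returns 1 and writes the rewritten command to out only when this one segment
 * holds exactly one complete PORT command; returns 0 otherwise, meaning the
 * segment would be forwarded with the private address still in it. */
int rewrite_port_segment(const char *seg, size_t len,
                         const unsigned alias_ip[4], unsigned alias_port,
                         char *out, size_t outsz)
{
    unsigned v[6];
    char buf[64];
    int i, n, used = 0;

    if (len < 18 || len >= sizeof buf)            /* shortest form is 18 bytes */
        return 0;
    if (seg[len - 2] != '\r' || seg[len - 1] != '\n')
        return 0;                                 /* command not terminated here */
    memcpy(buf, seg, len);
    buf[len] = '\0';
    if (sscanf(buf, "PORT %3u,%3u,%3u,%3u,%3u,%3u\r\n%n",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &used) != 6)
        return 0;
    if ((size_t)used != len)                      /* trailing bytes after numbers */
        return 0;
    for (i = 0; i < 6; i++)
        if (v[i] > 255)
            return 0;
    n = snprintf(out, outsz, "PORT %u,%u,%u,%u,%u,%u\r\n",
                 alias_ip[0], alias_ip[1], alias_ip[2], alias_ip[3],
                 (alias_port >> 8) & 0xff, alias_port & 0xff);
    return n > 0 && (size_t)n < outsz;
}

int main(void)
{
    const unsigned alias_ip[4] = {203, 0, 113, 7};        /* constructed address */
    const char *whole = "PORT 192,168,1,10,4,1\r\n";      /* constructed input */
    const char *part1 = "PORT 192,168,1,10,4", *part2 = ",1\r\n";
    char out[64];

    printf("whole: %d\n", rewrite_port_segment(whole, strlen(whole), alias_ip, 40000, out, sizeof out));
    printf("part1: %d\n", rewrite_port_segment(part1, strlen(part1), alias_ip, 40000, out, sizeof out));
    printf("part2: %d\n", rewrite_port_segment(part2, strlen(part2), alias_ip, 40000, out, sizeof out));
    return 0;
}
```

A rewriter that has to handle the split case needs to buffer the control stream per connection until it sees CRLF, which is the kind of exception the source comment anticipates.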