From: Charles Mott
To: freebsd-questions@FreeBSD.ORG
Date: Sat, 19 Feb 2000 19:55:36 -0700 (MST)
Subject: Re: Redirecting/mapping ports to a local machine... help!

On Sat, 19 Feb 2000, Charles Mott wrote:
> > > Many people use ftp in non-passive mode from behind natd
> > > without any problems.
> >
> > Many people get lucky then. From the alias_ftp.c source,
> >
> > For this routine to work, the PORT command must fit entirely
> > into a single TCP packet. This is typically the case, but exceptions
> > can easily be envisioned under the actual specifications.
>
> I wrote the alias_ftp.c source code and the comment that
> you cite. It is unusual to see a PORT command divided into
> more than one packet. There is a firewall toolkit that
> deliberately does this, but I know of no other examples.
>
> > >
> > > > Use of a control channel and a data channel is a basic part of the ftp
> > > > protocol. See RFC 959. Unimplemented RFC 2428 might be interesting too.
> >
> > But we need to point out that this special handling of FTP by NAT
> > is for _clients_ behind the NAT box only, not servers.

A little more to my earlier reply...

You are correct to distinguish between clients and servers, but I
believe the example posed by "dc" in the original posting of this thread
should actually work for non-passive ftp connections.
(One always has to test to make sure, though)

A minor adjustment in software would be needed to make an FTP server
automatically work in passive mode behind natd.

Charles Mott
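The single-packet limitation quoted in the message above, as an added example that is not part of the original message and is not code from alias_ftp.c. The function names, the private address 192.168.1.10 and the alias address 203.0.113.5:30000 are constructed assumptions; the rewriter keeps no state between packets, so a PORT command split across two segments reaches the server with the private address intact.

```c
/* Added illustration; hypothetical helpers, not code from alias_ftp.c. */
#include <stdio.h>
#include <string.h>

/* 1 if payload p is one complete "PORT h1,h2,h3,h4,p1,p2\r\n", else 0. */
int is_whole_port(const char *p, size_t len)
{
    size_t i = 5;
    if (len < 5 || memcmp(p, "PORT ", 5) != 0)
        return 0;
    for (int n = 0; n < 6; n++) {
        size_t start = i;
        unsigned v = 0;
        while (i < len && p[i] >= '0' && p[i] <= '9' && v <= 255)
            v = v * 10 + (unsigned)(p[i++] - '0');
        if (i == start || v > 255)
            return 0;                  /* empty or out-of-range field */
        if (n < 5 && (i >= len || p[i++] != ','))
            return 0;                  /* cut off or malformed */
    }
    /* The terminating CRLF must arrive in this same payload. */
    return i + 2 == len && p[i] == '\r' && p[i + 1] == '\n';
}

/* Per-packet rewriter with no reassembly state. wire gets what the server
 * sees; returns segments rewritten. Alias 203.0.113.5:30000 is constructed. */
int nat_forward(const char **segs, int nseg, char *wire, size_t sz)
{
    int hits = 0;
    size_t used = 0;
    wire[0] = '\0';
    for (int k = 0; k < nseg && used < sz; k++) {
        int hit = is_whole_port(segs[k], strlen(segs[k]));
        snprintf(wire + used, sz - used, "%s",
                 hit ? "PORT 203,0,113,5,117,48\r\n" : segs[k]);
        hits += hit;
        used += strlen(wire + used);
    }
    return hits;
}

int main(void)
{
    const char *whole[] = {"PORT 192,168,1,10,4,21\r\n"};   /* constructed */
    const char *split[] = {"PORT 192,168,1,10,", "4,21\r\n"};
    char wire[128];
    printf("%d %s", nat_forward(whole, 1, wire, sizeof wire), wire);
    printf("%d %s", nat_forward(split, 2, wire, sizeof wire), wire);
    return 0;
}
```

In the split case the server would try to open the data connection to an address it cannot reach, which is the failure the source comment anticipates.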