Date:      Sat, 19 Feb 2000 19:55:36 -0700 (MST)
From:      Charles Mott <cmott@scientech.com>
To:        freebsd-questions@FreeBSD.ORG
Subject:   Re: Redirecting/mapping ports to a local machine... help!
Message-ID:  <Pine.LNX.4.10.10002191950480.29722-100000@if.scientech.com>
In-Reply-To: <Pine.LNX.4.10.10002191935400.29722-100000@if.scientech.com>

On Sat, 19 Feb 2000, Charles Mott wrote:
> > > Many people use ftp in non-passive mode from behind natd
> > > without any problems.
> > 
> > Many people get lucky then. From the alias_ftp.c source,
> > 
> >     For this routine to work, the PORT command must fit entirely
> >     into a single TCP packet.  This is typically the case, but exceptions
> >     can easily be envisioned under the actual specifications.
> 
> I wrote the alias_ftp.c source code and the comment that
> you cite.  It is unusual to see a PORT command divided into
> more than one packet.  There is a firewall toolkit that
> deliberately does this, but I know of no other examples.
> 
> > 
> > > > Use of a control channel and a data channel is a basic part of the ftp
> > > > protocol. See RFC 959. Unimplemented RFC 2428 might be interesting too.
> > 
> > But we need to point out that this special handling of FTP by NAT
> > is for _clients_ behind the NAT box only, not servers.

A little more to my earlier reply...

You are correct to distinguish between clients and servers,
but I believe the example posed by "dc" in the original posting
of this thread should actually work for non-passive ftp
connections.  (One always has to test to make sure, though.)

A minor adjustment in software would be needed to make an
FTP server automatically work in passive mode behind natd.

Charles Mott
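
Added example (not part of the original message, and not code from alias_ftp.c): a sketch of why a helper that inspects each TCP payload on its own misses a PORT command split across two packets, and how buffering the control channel up to CRLF recovers it. The names parse_port, feed, port_arg and ctl_stream are hypothetical, the sample segments are constructed, and the code only parses; it does not rewrite packets.

```c
#include <stdio.h>
#include <string.h>
struct port_arg { unsigned char addr[4]; unsigned port; };
struct ctl_stream { char line[64]; size_t used; };  /* hypothetical line buffer */

/* Parse a NUL-terminated line as "PORT h1,h2,h3,h4,p1,p2\r\n"; 1 on success. */
int parse_port(const char *line, struct port_arg *out)
{
    unsigned v[6];
    int end = 0;
    if (sscanf(line, "PORT %3u,%3u,%3u,%3u,%3u,%3u%n",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &end) != 6)
        return 0;
    if (strcmp(line + end, "\r\n") != 0)  /* truncated, or trailing bytes */
        return 0;
    if ((v[0] | v[1] | v[2] | v[3] | v[4] | v[5]) > 255)
        return 0;                          /* every field is one octet */
    for (int k = 0; k < 4; k++)
        out->addr[k] = (unsigned char)v[k];
    out->port = v[4] * 256 + v[5];
    return 1;
}

/* Feed one TCP payload; returns 1 once a complete PORT line has been seen. */
int feed(struct ctl_stream *s, const char *seg, size_t len, struct port_arg *out)
{
    int found = 0;
    for (size_t i = 0; i < len; i++) {
        if (s->used < sizeof s->line - 1)
            s->line[s->used++] = seg[i];  /* over-long lines never parse */
        if (seg[i] == '\n') {
            s->line[s->used] = '\0';
            found |= parse_port(s->line, out);
            s->used = 0;
        }
    }
    return found;
}

int main(void)
{
    const char *seg[] = { "PORT 192,168,1,", "10,4,1\r\n" };  /* constructed */
    struct ctl_stream st = { {0}, 0 };
    struct port_arg pa;
    for (int i = 0; i < 2; i++)
        printf("per-packet=%d stream=%d\n", parse_port(seg[i], &pa),
               feed(&st, seg[i], strlen(seg[i]), &pa));
    return 0;
}
```

The CRLF check is what keeps a segment that ends in the middle of the last number from being accepted with the wrong port.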