Subject: Re: Off-topic: Dumb IPNAT question
To: None <current-users@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: current-users
Date: 06/14/1998 20:59:58
> [...NAT setup...]

> I can't FTP to anywhere because anything - like "dir" - that uses
> PORT commands issues PORTs with, of course, the real address of the
> machine.  So it issues "PORT 192,168,1,3,4,4" commands and the target
> host dutifully tries to send ftp-data packets off to
> instead of back to my IPNAT gateway, naturally.

Right.  This sort of thing is one of the reasons I consider NAT broken,
from the design up.

You need one of these:

1) An FTP proxy to run on the NAT box, and an FTP client that knows how
to use it;

2) An FTP client that can use PASV commands instead of PORT commands,
and hope you never want to FTP to a server whose PASV response format
doesn't match what your client expects;

3) A NAT setup that edits FTP control streams as they go past (yes, I
have seen such a thing - in a commercial product);

4) More address space, so you can ditch NAT.

As you can probably tell, (4) is the only option I consider acceptable
(in particular, it's the only one that isn't FTP-specific), though I do
realize that (otherwise :) reasonable people disagree with me.

					der Mouse

		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B