Subject: Re: Off-topic: Dumb IPNAT question
To: None <current-users@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
Date: 06/14/1998 20:59:58
> [...NAT setup...]
> I can't FTP to anywhere because anything - like "dir" - that uses
> PORT commands issues PORTs with, of course, the real address of the
> machine. So it issues "PORT 192,168,1,3,4,4" commands and the target
> host dutifully tries to send ftp-data packets off to 192.168.1.3
> instead of back to my IPNAT gateway, naturally.

Right. This sort of thing is one of the reasons I consider NAT broken,
from the design up.

You need one of these:

1) An FTP proxy to run on the NAT box, and an FTP client that knows how
   to use it;

2) An FTP client that can use PASV commands instead of PORT commands,
   and hope you never want to FTP to a server whose PASV response format
   doesn't match what your client expects;

3) A NAT setup that edits FTP control streams as they go past (yes, I
   have seen such a thing - in a commercial product);

4) More address space, so you can ditch NAT.

As you can probably tell, (4) is the only option I consider acceptable
(in particular, it's the only one that isn't FTP-specific), though I do
realize that (otherwise :) reasonable people disagree with me.

7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
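
Added example (not part of the original message, and not IPNAT code): a sketch of the control-stream editing in option (3), sharing a format-tolerant host/port parser of the kind option (2) depends on for PASV replies. The gateway address and the `map_port` callback are hypothetical, and the sample addresses in the usage are constructed.

```python
import ipaddress
import re

# RFC 1918 private ranges that must not leak into a PORT command.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 959 host-port: six decimal fields h1,h2,h3,h4,p1,p2.
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")


def parse_hostport(text):
    """Return (ip, port) from the first h1,h2,h3,h4,p1,p2 group, or None.

    Searching rather than matching a fixed layout copes with PASV replies
    that wrap the numbers in differing text and punctuation.
    """
    m = _HOSTPORT.search(text)
    if not m:
        return None
    fields = [int(f) for f in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, fields[:4])))
    return ip, fields[4] * 256 + fields[5]


def rewrite_port(line, public_ip, map_port):
    """Rewrite a PORT line that advertises an RFC 1918 address.

    map_port(ip, port) is a hypothetical callback that reserves a gateway
    port forwarding to ip:port and returns its number.
    Returns (new_line, length_delta); other lines pass through unchanged.
    """
    verb, _, arg = line.rstrip("\r\n").partition(" ")
    if verb.upper() != "PORT":
        return line, 0
    parsed = parse_hostport(arg)
    if parsed is None or not any(parsed[0] in net for net in RFC1918):
        return line, 0
    ext_port = map_port(*parsed)
    octets = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    new_line = f"PORT {octets},{ext_port >> 8},{ext_port & 0xFF}\r\n"
    # A nonzero delta means the gateway must also adjust TCP sequence and
    # acknowledgement numbers for the rest of the control connection.
    return new_line, len(new_line) - len(line)
```

The length delta is why this cannot be done as a stateless packet edit: once the rewritten command differs in size, every later segment on the control connection needs its sequence numbers shifted.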