Subject: Re: Off-topic: Dumb IPNAT question
To: None <current-users@NetBSD.ORG>
From: der Mouse <mouse@Rodents.Montreal.QC.CA>
List: current-users
Date: 06/14/1998 20:59:58
> [...NAT setup...]

> I can't FTP to anywhere because anything - like "dir" - that uses
> PORT commands issues PORTs with, of course, the real address of the
> machine.  So it issues "PORT 192,168,1,3,4,4" commands and the target
> host dutifully tries to send ftp-data packets off to 192.168.1.3
> instead of back to my IPNAT gateway, naturally.

Right.  This sort of thing is one of the reasons I consider NAT broken,
from the design up.

You need one of these:

1) An FTP proxy to run on the NAT box, and an FTP client that knows how
to use it;

2) An FTP client that can use PASV commands instead of PORT commands,
and hope you never want to FTP to a server whose PASV response format
doesn't match what your client expects;

3) A NAT setup that edits FTP control streams as they go past (yes, I
have seen such a thing - in a commercial product);

4) More address space, so you can ditch NAT.

As you can probably tell, (4) is the only option I consider acceptable
(in particular, it's the only one that isn't FTP-specific), though I do
realize that (otherwise :) reasonable people disagree with me.

					der Mouse

			       mouse@rodents.montreal.qc.ca
		     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
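
Added example, not part of der Mouse's message: a Python sketch of the parsing behind options (2) and (3), decoding the address in a PORT command or 227 (PASV) reply and rewriting a PORT line the way a control-stream-editing NAT would. The function names, the public address 203.0.113.7, the mapped port 40001 and the 10.0.0.5 sample replies are constructed for illustration.

```python
import re

# Six comma-separated decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
SIX = r"(?<!\d)(\d{1,3}(?:,\d{1,3}){5})(?!\d)"

def _decode(arg):
    nums = [int(n) for n in arg.split(",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def parse_port(line):
    """(ip, port) named in a client's PORT command, or None."""
    m = re.fullmatch(r"PORT " + SIX, line.strip(), re.IGNORECASE)
    return _decode(m.group(1)) if m else None

def parse_pasv(reply):
    """(ip, port) from a 227 reply. Scans for the six numbers instead of
    relying on parentheses, since servers differ in how they word the reply."""
    if not reply.startswith("227"):
        return None
    m = re.search(SIX, reply[3:])
    return _decode(m.group(1)) if m else None

def rewrite_port(line, conn_src_ip, public_ip, mapped_port):
    """Rewrite a PORT line as a NAT editing the control stream would.
    Returns (new_line, length_delta). The line is left untouched unless the
    embedded address equals the control connection's own inside source
    address, so a client cannot request a mapping for some other host."""
    parsed = parse_port(line)
    if parsed is None or parsed[0] != conn_src_ip:
        return line, 0
    new = "PORT %s,%d,%d\r\n" % (public_ip.replace(".", ","),
                                 mapped_port >> 8, mapped_port & 0xFF)
    # A non-zero delta shifts the TCP byte stream, so the NAT must also
    # adjust sequence/ack numbers for the rest of the control connection.
    return new, len(new) - len(line)

if __name__ == "__main__":
    original = "PORT 192,168,1,3,4,4\r\n"   # the command quoted in the message
    print(parse_port(original))
    print(rewrite_port(original, "192.168.1.3", "203.0.113.7", 40001))
    print(parse_pasv("227 Entering Passive Mode (10,0,0,5,19,137)."))
```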