Subject: Re: Off-topic: Dumb IPNAT question
To: None <mouse@rodents.montreal.qc.ca>
From: Greg Earle <earle@isolar.Tujunga.CA.US>
List: current-users
Date: 06/14/1998 18:11:20
>> I can't FTP to anywhere because anything - like "dir" - that uses
>> PORT commands issues PORTs with, of course, the real address of the
>> machine.  So it issues "PORT 192,168,1,3,4,4" commands and the target
>> host dutifully tries to send ftp-data packets off to 192.168.1.3
>> instead of back to my IPNAT gateway, naturally.
> 
> Right.  This sort of thing is one of the reasons I consider NAT broken,
> from the design up.
> 
> You need one of these:
> 
> 1) An FTP proxy to run on the NAT box, and an FTP client that knows how
> to use it;

I'm tempted to try this ... the Rhapsody DR2 Internet Setup Assistant actually
knows about Proxies now ... whether each client would know how to use one or
not, I dunno.

> 2) An FTP client that can use PASV commands instead of PORT commands,
> and hope you never want to FTP to a server whose PASV response format
> doesn't match what your client expects;

I'm doing this now, thanks to David Brownlee's suggestion.

However, I suspect there's no way to tell Netscape or Internet Exploder to use
PASV instead of PORT commands, is there?  I still have an occasional need to
boot the Mac into Allegro (MacOS) ...  Then again, I don't remember having
this problem before, so maybe Netscape *does* use PASV mode by default ...

> 3) A NAT setup that edits FTP control streams as they go past (yes, I
> have seen such a thing - in a commercial product);

I can't run CU-SeeMe (desktop videoconferencing) behind the IPNAT gateway
because it puts the real IP address of the sender in every packet.  The
CU-SeeMe "reflector" (server) sees the real address and how it doesn't match
the Source IP address and rejects it.  I've heard that Linux actually has a
module in their IP Masquerade setup that groks these packets and changes the
"real address" embedded in the CU-SeeMe packets on the fly ... oy vey.

> 4) More address space, so you can ditch NAT.
> 
> As you can probably tell, (4) is the only option I consider acceptable
> (in particular, it's the only one that isn't FTP-specific), though I do
> realize that (otherwise :) reasonable people disagree with me.

Well, I'd love to, and could theoretically get away with it, but it looks
like MediaOne cable modems are just around the corner from being in my
neighborhood, and I doubt they'll give me 4 static IP addresses  :-)

Anyway, thanks and sorry for the off-topic posts folks ...

	- Greg
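
The PORT problem from this thread, and the control-stream rewrite that option (3) describes, as an added example that is not part of the original post. The function names, the gateway address 203.0.113.7 and the mapped port 40000 are assumptions made up for illustration.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): four address octets, then port = p1*256 + p2
PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")


def parse_port(line):
    """Return (ip, port) from an FTP PORT command, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def format_port(ip, port):
    """Encode (ip, port) back into PORT command syntax."""
    return "PORT {},{},{}\r\n".format(str(ip).replace(".", ","), port >> 8, port & 0xFF)


def rewrite_port(line, src_ip, public_ip, mapped_port):
    """Rewrite one client control line the way a stream-editing NAT would.

    src_ip is the inside host the segment came from. Only a PORT naming that
    same host is rewritten; any other line is returned unchanged with no
    mapping, so the gateway never forwards data toward a third machine.
    """
    parsed = parse_port(line)
    if parsed is None or parsed[0] != ipaddress.IPv4Address(src_ip):
        return line, None
    mapping = (mapped_port, str(parsed[0]), parsed[1])  # outside port -> inside host:port
    return format_port(ipaddress.IPv4Address(public_ip), mapped_port), mapping


if __name__ == "__main__":
    # Constructed input: the PORT command quoted in the thread.
    print(rewrite_port("PORT 192,168,1,3,4,4\r\n", "192.168.1.3", "203.0.113.7", 40000))
```

The rewritten line is usually a different length from the original, so a real gateway also has to adjust TCP sequence and acknowledgement numbers for the rest of the control connection.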