tech-net: Re: ipnat ftp proxy fix yet? (ever?)

Subject: Re: ipnat ftp proxy fix yet? (ever?)
To: roberto <roberto-dated-1099406104.cd5e2c@redix.it>
From: Manuel Bouyer <bouyer@antioche.eu.org>
List: tech-net
Date: 10/28/2004 18:03:27

On Thu, Oct 28, 2004 at 04:35:03PM +0200, roberto wrote:
>  Manuel Bouyer:
> > I'm not sure passive ftp would work though NAT without the proxy.
> > At last the source address, and possibly the source port, need to be
> > translasted in the PORT command.
> >
> 
> (actually I did not follow the entire discussion...)
> but according to me passive ftp should work with only ipnat:
> 
>  client -----> NAT box ------> FTP server
> 
> All the connection originate from the client (using the passive mode) and
> this is sufficient to establish the FTP-CTRL and FTP-DATA connection: in
> the passive mode is the server that publicize its IP and port number not
> the client behind the NAT.
> 
> Tell me if I'm forgot something.

The client's IP appear in the PORT command, so that the server can
bind the data socket to accept this IP only.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 ans d'experience feront toujours la difference
--