
List:       ipfilter
Subject:    FTP port numbers and ipnat
From:       weave () navi ! net (Terrance Hodgins)
Date:       1997-06-12 2:17:15

Hi.  I'm running IPF alpha6, on a Sparcstation 1 with Solaris 2.4.

I have IPF filtering nothing, just passing all, and am using the
ipnat program to translate IP numbers so my Suns and PCs on
my local home network can all talk to my ISP when I dial in.
(The ISP's software can handle only one IP number, the one that
he assigns to me when I log in.)
Thus, I am using a Sparcstation as a router and gateway, and
it works fine.

Except for this gotcha:  FTP to the outside world seems to be
broken when run from any machine except the router/gateway
machine.  It will log in to the remote host okay, but then, when
it issues a "LIST" command, it will say something like "going to
listen on port 1024" or some such number. And it never gets
an answer back, so the session dies of timeouts.
Now my name/address translation rules are translating all port
numbers into higher numbers, in the 40000 to 50000 range.
Does FTP somehow embed the port numbers inside packets in
a way that ipnat cannot translate them?

I can FTP files from a PC or another Sun to the gateway machine,
and then FTP them from the gateway machine to the remote
host, but can't do it in one shot, which is a pain.  Has anyone
else run into this, and is there a workaround besides the one
I just described?

*         Terrance Hodgins          *
*      Willamette Web Weavers       *
*          weave@navi.net           *
*    http://www.navi.net/~weave/    *
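
Added example, not part of the original message and not ipfilter code: in active mode the FTP client sends its own address and listening port as text in the control channel (RFC 959, `PORT h1,h2,h3,h4,p1,p2`), so header-only translation leaves the inside address in the payload. The sketch parses that command and rewrites it the way an FTP-aware NAT helper has to; the addresses, the 40000 mapping and the `map_port` callback are constructed assumptions.

```python
import re

# RFC 959 active-mode command: PORT h1,h2,h3,h4,p1,p2 (six decimal octets).
PORT_RE = re.compile(rb"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     rb"(\d{1,3}),(\d{1,3}),(\d{1,3})\r\n$")

# Constructed sample: inside host 192.168.1.10 listening on port 1024 (4*256 + 0).
SAMPLE = b"PORT 192,168,1,10,4,0\r\n"


def parse_port(line):
    """Return (ip, port) carried in a PORT command, or None if not a valid one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None
    return ".".join(str(o) for o in octets[:4]), octets[4] * 256 + octets[5]


def rewrite_port(line, inside_ip, public_ip, map_port):
    """Rewrite the embedded address/port to the translated pair.

    inside_ip is the source address of the packet carrying the command.
    map_port(ip, port) is a hypothetical callback returning the public port
    that the NAT reserved for the inbound data connection.
    Returns (new_line, length_delta). The delta matters because the payload
    length changes, so TCP sequence/ack numbers must be adjusted afterwards.
    """
    parsed = parse_port(line)
    # Only rewrite when the client names itself; a PORT command pointing at
    # some other host is left untouched rather than mapped.
    if parsed is None or parsed[0] != inside_ip:
        return line, 0
    new_port = map_port(inside_ip, parsed[1])
    fields = public_ip.split(".") + [str(new_port >> 8), str(new_port & 0xFF)]
    new_line = b"PORT " + ",".join(fields).encode("ascii") + b"\r\n"
    return new_line, len(new_line) - len(line)


if __name__ == "__main__":
    print(parse_port(SAMPLE))
    print(rewrite_port(SAMPLE, "192.168.1.10", "203.0.113.5",
                       lambda ip, port: 40000))
```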

