[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    Re: ftp and NAT
From:       Samuli Kaski <samkaski () cs ! helsinki ! fi>
Date:       1997-09-09 8:20:00
[Download RAW message or body]

On Mon, 8 Sep 1997, BRANDON WILLIAM HUME wrote:

> > directories, but that is about it.  Anyone know why this is happening,
> > or better yet, how to fix this?
> 
> FTP, before asking for an NLST or download, sends a string telling the
> SERVER what port to connect to.  Like:  111,222,333,444,13,00 (to connect
> to 111.222.333.444, port (13 * 256 + 00).  Obviously, the client will tell
> the server to connect to what it believes its OWN IP to be, and this
> data will be in the payload of the packet and not translated by NAT.

Hmm, weird. I knew about the FTP problem but now I'm confused. If I
tell my Linux to return the real NIC IP that has been assigned to me
and which will be translated to the fake IP (bimap), which is
reachable from the natting host, it still doesn't work?

HostA (linux; real ip, fake ip)
  |
  |
HostB (netbsd; bimap natting real ip<->fake ip)
  |
  |
HostC (alpha; the ftp server)

Now if I connect to HostC so that my Linux returns the fake IP as it's
address, it won't work, which I understand. But if I make my Linux
return the real NIC IP that will be translated to the fake IP on HostB
it still doesn't work. Yet on the same time ftp'ing from HostC to
HostA (with the real NIC IP) does. Please do explain?

> You'll need to use passive-mode transfer.  Instead of the client telling
> the server where to connect to, the clients asks where to connect to and
> makes the connection out itself.
> 
> Both ncftp and Netscape do PASV-mode transfers, as far as I know.

Hmm, maybe it's just me but I never got ncftp to work with passive
ftp. So I use incoming ftp (bimap), scp, netscape or wget instead.
Maybe someone who knows how to get it to work could send an capture of
an succesful ncftp(PASV) session to the mailing list? I assume there
would be interest for such a mail.

--
Samuli Kaski, samkaski@cs.helsinki.fi
Department of Computer Science, University of Helsinki, Finland.


[prev in list] [next in list] [prev in thread] [next in thread]