[cmakin@nla.gov.au: Re: NAT and FTP]

[Kenneth Stailey <kstailey_(_at_)_sun4c_(_dot_)_openbsd_(_dot_)_org>]

X-Authentication-Warning: gadget.nla.gov.au: cmakin owned process doing -bs
Date: Wed, 12 Feb 1997 11:02:08 +1100 (EST)
From: Carl Makin <cmakin_(_at_)_nla_(_dot_)_gov_(_dot_)_au>
To: "Nathan D. Bowen" <nbowen_(_at_)_3i_(_dot_)_net>
Cc: ipfilter_(_at_)_postbox_(_dot_)_anu_(_dot_)_edu_(_dot_)_au
Subject: Re: NAT and FTP
In-Reply-To: <Pine_(_dot_)_LNX_(_dot_)_3_(_dot_)_95_(_dot_)_970211100235_(_dot_)_387A-100000_(_at_)_mu_(_dot_)_phx_(_dot_)_cyberhighway_(_dot_)_net>
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII


Hi Nathan,

On Tue, 11 Feb 1997, Nathan D. Bowen wrote:

> I am new to ipfilter and not too well versed with NAT, but I have read RFC
> 1631 and I have tried to understand the linux ip_masq_ftp code. I am tempted
> to say that ftp won't work with ipfilter's NAT without patching ipfilter to
> watch for and mangle the PORT commands in FTP control conversations.

You are correct.  NAT will not pass standard FTP sessions.  Most FTP
clients and servers now support the "passive" option.  This makes FTP use
the control channel instead of opening a separate data channel for passing
data.

If you are using a command line FTP client try giving your client 
the "passive" or "pasv" commands.  

Carl.

--
Carl Makin (VK1KCM)  <http://email.nla.gov.au/~cmakin/>
C_(_dot_)_Makin_(_at_)_nla_(_dot_)_gov_(_dot_)_au  'Work +61 6 262 1576'   "Speaking for myself only!"
'If you want to make your spouse pay attention to what you say...
             Talk in your sleep!'