[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [firstname.lastname@example.org: Re: NAT and FTP]
- To: tech_(_at_)_openbsd_(_dot_)_org
- Subject: Re: [email@example.com: Re: NAT and FTP]
- From: Benedikt Stockebrand <benedikt_(_at_)_devnull_(_dot_)_ruhr_(_dot_)_de>
- Date: 18 Feb 1997 00:39:03 +0100
Felix Schroeter <felix_(_at_)_mamba_(_dot_)_pond_(_dot_)_sub_(_dot_)_org> writes:
> In article <199702121456_(_dot_)_HAA25687_(_at_)_sun4c_(_dot_)_openbsd_(_dot_)_org>,
> Kenneth Stailey <kstailey_(_at_)_sun4c_(_dot_)_openbsd_(_dot_)_org> wrote:
> >You are correct. NAT will not pass standard FTP sessions.
> That's right. By the way, the Linux IP masqerading won't either.
And it shouldn't. Any protocol that needs some contents mangling
should be dealt with in userspace. First of all, this is a complex
business. Next, what if the other side maliciously sends junk? If
this is done in kernelspace (instead of a daemon running as nobody
and/or in a sand box) any coding error will be fatal. And finally,
how would you deal with some non-standard protocol using the (at some
box unused) ftp port?
BTW, there should be a variety of such FTP circuit proxies available.
The first place to check should be the TIS Firewall Toolkit (fwtk),
which is basically freely available. I haven't checked this myself
though; I'd rather use passive mode FTP anyway.
Ben(edikt)? Stockebrand Runaway ping.de Admin---Never Ever Trust Old Friends
My name and email address are not to be added to any list used for advertising
purposes. Any sender of unsolicited advertisement e-mail to this address im-
plicitly agrees to pay a DM 500 fee to the recipient for proofreading services.