Re: NAT

To: debian-firewall@lists.debian.org
Subject: Re: NAT
From: Michael Meskes <meskes@debian.org>
Date: Wed, 16 Feb 2000 09:22:06 +0100
Message-id: <20000216092206.A617@fam-meskes.de>
Mail-followup-to: debian-firewall@lists.debian.org
In-reply-to: <20000215191315.F720@lathspell>; from ch@lathspell.westend.com on Tue, Feb 15, 2000 at 07:13:15PM +0100
References: <20000215145138.A10280@fam-meskes.de> <20000215191315.F720@lathspell>

On Tue, Feb 15, 2000 at 07:13:15PM +0100, Christian Hammers wrote:
>       Internet <- 1.1.1.1@router@192.168.100.1 ---- 192.168.100.2@ftp
>       					       ---- 192.168.100.x@rest

Won't do.

> ...
> If you use ftp from outside then you just have to do portmapping, i.e.
> say: Router: all connections on port 21 are for 192.168.100.2.

No problem so far.

> No need for any more real IP addressses. Note, that you probably have to
> use the masq_ftp.o module (or something that way) because ftp is a bit 
> tricky since it has commands on port 21 and data on port 20.

Something that way is the problem. Active ftp work's fine since the data
channel is create from the server and thus gets masqueraded at the router.
But passive ftp simply does not work. For passive ftp to work the router
would have to dynamically add a portforwarding rule everytime it sees a PORT
command. 

Maybe there is some software out there to do this, but I have yet to find
it.

Michael
-- 
Michael Meskes                         | Go SF 49ers!
Th.-Heuss-Str. 61, D-41812 Erkelenz    | Go Rhein Fire!
Tel.: (+49) 2431/72651                 | Use Debian GNU/Linux!
Email: Michael@Fam-Meskes.De           | Use PostgreSQL!

Reply to:

Follow-Ups:
- Re: NAT
  - From: Christian Hammers <ch@lathspell.westend.com>

References:
- NAT
  - From: Michael Meskes <meskes@debian.org>
- Re: NAT
  - From: Christian Hammers <ch@lathspell.westend.com>

Prev by Date: Re: NAT
Next by Date: Re: NAT
Previous by thread: Re: NAT
Next by thread: Re: NAT
Index(es):
- Date
- Thread