[ntp:questions] Re: Taming the pinball machine

Wolfgang S. Rupprecht wolfgang+gnus20031111T073744 at dailyplanet.dontspam.wsrcc.com
Tue Nov 11 15:52:21 UTC 2003


"Maarten Wiltink" <maarten at kittensandcats.net> writes:
> That doesn't work from here, either. What DNS name has to agree, exactly?
> The one of my NATing router, perhaps?
>
> I would say that to break existing protocols so they only work from a
> browser is, well, Bad.

Does it work correctly when your NAT box is removed and the system is
hooked up to the net directly?

The ftp protocol works poorly through NAT.  The problem is that ftp
embeds the client system's address in the file transfer transaction
and then opens a connection from the server to the client.  Under NAT
this is the private, non-routable address.  That is strike 1.  Strike
2 is the fact that an unsolicited tcp open is showing up at the NAT
box.  NAT is going to drop that open like a hot potato.  

There is a mode called "passive ftp" that gets around these problems
("ftp -p <hostname>" in unix) where the opens are all done from the
client side.  Things stay nice and consistent.  Passive mode may or
may not be supported by the ftp server you are connecting to.

On the other hand, ftp servers have been checking rDNS for over a
decade.  You are going to have more problems than just one ftp site if
your ISP can't be bothered to fill in their DNS and rDNS information
correctly.

-wolfgang
-- 
Wolfgang S. Rupprecht 		     http://www.wsrcc.com/wolfgang/
           The From: address is valid.  Don't mess with it.
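
An added illustration of the two strikes described in the message above (not part of the original post): the host/port field that active mode sends in PORT and that a server returns in its 227 reply to PASV, parsed and checked from the point of view of a client behind NAT. The function names and the sample control-channel lines are constructed for this example, and it assumes the NAT box does no FTP-aware rewriting.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2: the address/port field carried by PORT and by the 227 reply
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# RFC 1918 private ranges, i.e. addresses the server cannot route back to
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(line):
    """Return (IPv4Address, port) from a PORT command or a 227 PASV reply."""
    m = _HOSTPORT.search(line)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field in %r" % line)
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range in %r" % line)
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]

def data_connection(ctrl_line):
    """Return (opener, address, port): who opens the data connection, and to where."""
    addr, port = parse_hostport(ctrl_line)
    if ctrl_line.upper().startswith("PORT"):
        return "server", addr, port   # active mode: server connects to client
    if ctrl_line.startswith("227"):
        return "client", addr, port   # passive mode: client connects to server
    raise ValueError("not a PORT command or 227 reply: %r" % ctrl_line)

def nat_verdict(ctrl_line):
    """List why the data connection fails for a client behind NAT ([] = fine)."""
    opener, addr, port = data_connection(ctrl_line)
    if opener == "client":
        return []  # outbound open: the NAT box creates the mapping itself
    problems = []
    if any(addr in net for net in RFC1918):
        problems.append("strike 1: server told to connect to non-routable %s" % addr)
    problems.append("strike 2: unsolicited inbound TCP open to port %d" % port)
    return problems

if __name__ == "__main__":
    # Constructed sample lines, not captured traffic
    for line in ("PORT 192,168,1,20,195,80",
                 "227 Entering Passive Mode (203,0,113,5,156,64)"):
        print(line, "->", nat_verdict(line) or "ok")
```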


