[ntp:questions] Re: Taming the pinball machine

Hal Murray hmurray at suespammers.org
Wed Nov 12 08:23:14 UTC 2003


>Does it work correctly when your NAT box is removed and the system is
>hooked up to the net directly?
>
>The ftp protocol works poorly through NAT.  The problem is that ftp
>embeds the client system's address in the file transfer transaction
>and then opens a connection from the server to the client.  Under NAT
>this is the private, non-routable address.  That is strike 1.  Strike
>2 is that fact that an unsolicited tcp open is showing up at the NAT
>box.  NAT is going to drop that open like a hot potato.  

This machine is behind a NAT box.  I occasionally use FTP.  The
key step is to say "passive" as soon as I get logged in.  I think
that solves your strike 2 above by making my mchine send the first
packet when opening a data connection (and thus setting up the
connection in the NAT box).  I haven't been bitten by strike 1,
so I assume the NAT software is "smart" enough to patch any IP
addresses inside FTP protocol sessions.  (ugh)

[I'm not claiming that is good or elegant, just that it works
for me.]

-- 
The suespammers.org mail server is located in California.  So are all my
other mailboxes.  Please do not send unsolicited bulk e-mail or unsolicited
commercial e-mail to my suespammers.org address or any of my other addresses.
These are my opinions, not necessarily my employer's.  I hate spam.




More information about the questions mailing list