On Mon, 22 Nov 2004, Christopher Chan wrote:
Technically agreed, except that route NAT for the same reason does not work for protocols not NAT friendly such as FTP, IRC or many other.
Could you explain this a bit more?
How would they be broken in a route nat for all protocols to a virtual ip that is sent a box on the inside network?
Because the FTP protocol encodes the IP addresses in ASCII within the control channel, and route NAT does not (and can not) mangle the TCP payload, only the IP addresses in the packet headers.
For clients being SNAT:ed this is a problem in active (PORT) mode ftp.
For servers being DNAT:ed this is a problem in passive (PASV) mode ftp.
Regards Henrik - : send the line "unsubscribe linux-net" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
