Henrik Nordstrom wrote:
> On Mon, 22 Nov 2004, Christopher Chan wrote:
>
>>> Technically agreed, except that route NAT for the same reason does
>>> not work for protocols not NAT friendly such as FTP, IRC or many others.
>>
>> Could you explain this a bit more?
>> How would they be broken in a route nat for all protocols to a virtual
>> ip that is sent to a box on the inside network?
>
> Because the FTP protocol encodes the IP addresses in ASCII within the
> control channel, and route NAT does not (and can not) mangle the TCP
> payload, only the IP addresses in the packet headers.
>
> For clients being SNAT:ed this is a problem in active (PORT) mode ftp.
> For servers being DNAT:ed this is a problem in passive (PASV) mode ftp.
>
> Regards
> Henrik

Thanks.
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
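
The mismatch described in the thread above, as an added example that is not part of the original messages: it parses the ASCII address carried in a PORT command or a 227 (PASV) reply and compares it with the source address the receiver sees in the IP header after header-only NAT. All addresses, function names and control lines are constructed for illustration.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 field used by PORT and by the 227 reply (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def embedded_endpoint(control_line):
    """Return (ip, port) carried in a PORT command or 227 reply, else None."""
    line = control_line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227")):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def nat_mismatch(control_line, header_src):
    """True when the payload address differs from the packet's source
    address as the receiver sees it, i.e. NAT rewrote only the header."""
    ep = embedded_endpoint(control_line)
    if ep is None:
        return False
    return ep[0] != ipaddress.IPv4Address(header_src)


# Constructed samples: (control line, source address seen by the receiver).
SAMPLES = [
    # Client 192.168.1.10 SNAT:ed to 203.0.113.5, active mode.
    ("PORT 192,168,1,10,19,137", "203.0.113.5"),
    # Server 10.0.0.20 DNAT:ed behind 198.51.100.7, passive mode.
    ("227 Entering Passive Mode (10,0,0,20,195,80)", "198.51.100.7"),
    # No NAT on the path: payload and header agree.
    ("PORT 203,0,113,9,4,1", "203.0.113.9"),
    # Control line without an embedded address.
    ("USER anonymous", "203.0.113.5"),
]

if __name__ == "__main__":
    for line, src in SAMPLES:
        print(f"{src:15} {line!r:50} mismatch={nat_mismatch(line, src)}")
```

In the two mismatching cases the peer would try to open the data connection to a private address it cannot reach, which is the breakage in active and passive mode respectively.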