Table of Contents
Advertisement
Alteon Application Switch Operating System Application Guide
Filtering and Traffic Manipulation
FTP Client NAT
Alteon provides NAT services to many clients with private IP addresses. An FTP enhancement lets
you perform true FTP NAT for dynamic NAT.
Because of the way FTP works in active mode, a client sends information on the control channel
(information that reveals their private IP address) out to the Internet. However, the filter only
performs NAT translation on the TCP/IP header portion of the frame, preventing a client with a
private IP address from performing active FTP.
Alteon can monitor the control channel and replace the client 's private IP address with a proxy IP
address defined on Alteon. When a client in active FTP mode sends a port command to a remote FTP
server, Alteon analyzes the data part of the frame and modifies the port command as follows:
•
The real server (client) IP address is replaced by a public proxy IP address.
•
The real server (client) port is replaced with a proxy port.
Figure 62: FTP Client NAT Example
You may directly connect the real servers to Alteon if the total number of servers is less than or
equal to the ports.
To configure active FTP client NAT
Note:
The passive mode does not need to use this feature.
1. Make sure that a proxy IP address is enabled on the filter port.
2. Make sure that a source NAT filter is set up for the port:
>> # /cfg/slb/filt 14
>> Filter 14# invert ena
>> Filter 14# dip 10.10.10.0
>> Filter 14# dmask 255.255.255.0
388
(Select the menu for client filter)
(Invert the filter logic)
(If the destination is not private)
(For the entire private subnet range)
Document ID: RDWR-ALOS-V2900_AG1302
- Quick Links:
- Part 1-Basic Features
Hide quick links:
Advertisement
Table of Contents
