Table of Contents
Advertisement
FTP Client NAT
Alteon Web switches provide NAT services to many clients with private IP addresses. In
Web OS, an FTP enhancement provides the capability to perform true FTP NAT for dynamic
NAT.
Because of the way FTP works in active mode, a client sends information on the control chan-
nel, information that reveals their private IP address, out to the Internet. However, the switch
filter only performs NAT translation on the TCP/IP header portion of the frame, preventing a
client with a private IP address from doing active FTP.
The switch can monitor the control channel and replace the client 's private IP address with a
proxy IP address defined on the switch. When a client in active FTP mode sends a port com-
mand to a remote FTP server, the switch will look into the data part of the frame and modify
the port command as follows:
n
The real server (client) IP address will be replaced by a public proxy IP address. If VMA
is enabled, a pool (1-8) of proxy IP addresses is used instead of a single one.
n
The real server (client) port will be replaced with a proxy port.
Real servers
10.10.10.x
(Private network)
Figure 7-10 Active FTP for Dynamic NAT
212777-A, February 2002
(Pool of proxy IP
Outbound filter:
addresses instead
NAT source info
of a single proxy
IP address)
to public address
Public IP Address:
1
Hub
Inbound proxy on
public address
Web OS 10.0 Application Guide
205.178.17.12
Router
Internet
n
Chapter 7: Filtering
195
Advertisement
Table of Contents
