New Zealand ADSL Mailing List


Re: FTP server behind a m1122

From: Brian Gibbons <brian_at_outersite.co.nz>
Date: Wed, 13 Dec 2000 15:12:10 +1300
Message-ID: <02a501c064aa$19f728a0$0105a8c0@nserver>

From: "Andrew Hooper" <andrew@best.net.nz>
>the explanation covers most things for me, but not quite all
> (or I'm not reading it correctly)
>LocalDSL <-> RemoteNonDSL works both ways,
>passv is operational (can ftp up and down)
>RemoteDSL <-> RemoteNonDSL works both ways
>(can ftp up and down)

>LocalDSL <-> RemoteDSL will receive but not send (503 No PORT command
> issued first)
>I'm using passive mode for all tests.

>I'm guessing that the problem is with the LocalDSL and not the RemoteDSL as
>anyone using a nonDSL link seems to be able to connect using FTP.

I have added a fifth and sixth scenario below and your evidence would point
towards a fault at the server end (RemoteDSL) either with the Invisible
proxy or the server itself. While you say that NonDSL users can access the
server, are they using the same FTP client software configured for PASV mode?

Also while you "think" you are using PASV mode for upload and download I
seem to remember an FTP client that only applied this setting to downloads
(you can see this in the local log).

InSideOutSideIn -PORT Mode
--------------------------------

An FTP client, with a private IP address behind a NAT box accessing a server
that has a Private IP address behind a NAT box. Assumes there is a pinhole
at the server NAT box from the outside IP port 21 to the inside server IP
port 21. No pinholes at the client end.

The NAT box at the client end must fix up the PORT command coming from the
client, the NAT box at the server end need do nothing (apart from port 21
pinhole translation) as the PORT command will contain a valid Internet IP
address by the time it hits the server end.

A failure in this mode indicates a broken FTP proxy at the client end, or an
FTP proxy at the server end that is fixing things that it shouldn't (e.g.
fixing all PORT commands regardless of direction). The proof is to install
an identical FTP client on a dial up system, connect to the Internet and try
to access the server using PORT mode.

InSideOutSideIn -PASV Mode
--------------------------------

An FTP client, with a private IP address behind a NAT box accessing a server
that has a Private IP address behind a NAT box. Assumes there is a pinhole
at the server NAT box from the outside IP port 21 to the inside server IP
port 21. No pinholes at the client end.

The NAT box at the client need do nothing, PASV mode is a normal outgoing
DATA connection. The NAT box at the server end must fix up the PASV response
coming back from the server as it will contain the server's private IP
address.

A failure in this mode indicates a broken FTP proxy at the server end.

Received on Wed Dec 13 14:58:27 2000
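
Added example (not part of the original message or the list archive): a simplified model of the control-channel fix-up described in the two InSideOutSideIn scenarios, showing which NAT box has to rewrite the PORT command or the 227 reply and what the far end sees when that helper is missing. The addresses, mapped ports and the ftp_helper flag are constructed assumptions, not any particular router's behaviour.

```python
import ipaddress
import re

# "h1,h2,h3,h4,p1,p2" as carried by PORT and by the 227 reply to PASV (RFC 959)
HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(line):
    """Return (ip, port) advertised in a PORT command or 227 reply, else None."""
    m = HOSTPORT.search(line)
    if not m:
        return None
    n = [int(x) for x in m.groups()]
    if max(n) > 255:
        return None
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def fixup(line, nat):
    """Rewrite the advertised endpoint only if it lies on this NAT's inside net."""
    hp = parse_hostport(line)
    if hp is None or ipaddress.ip_address(hp[0]) not in nat["inside"]:
        return line  # nothing to fix: pass the line through untouched
    new = "%s,%d,%d" % (nat["public"].replace(".", ","),
                        nat["data_port"] >> 8, nat["data_port"] & 0xFF)
    return HOSTPORT.sub(new, line, count=1)

def deliver(line, path):
    """Pass one control-channel line through each NAT box on its path."""
    for nat in path:
        if nat["ftp_helper"]:
            line = fixup(line, nat)
    return line

def reachable(line):
    """False when the far end is told to connect to an RFC 1918 address."""
    hp = parse_hostport(line)
    return hp is not None and not any(
        ipaddress.ip_address(hp[0]) in net for net in RFC1918)

# Constructed sample values (documentation address ranges, hypothetical ports)
CLIENT_NAT = {"inside": ipaddress.ip_network("192.168.1.0/24"),
              "public": "203.0.113.5", "data_port": 50000, "ftp_helper": True}
SERVER_NAT = {"inside": ipaddress.ip_network("192.168.5.0/24"),
              "public": "198.51.100.7", "data_port": 50001, "ftp_helper": True}
PORT_CMD = "PORT 192,168,1,10,4,1"                          # client -> server
PASV_REPLY = "227 Entering Passive Mode (192,168,5,1,8,0)"  # server -> client
```

Comparing the line captured at the receiving end with reachable() separates a missing helper (private address still present) from a helper that rewrote a line it should have left alone.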