FTP Client NAT – Nortel Networks Web OS 212777 User Manual

Web OS 10.0 Application Guide
Chapter 7: Filtering
212777-A, February 2002
FTP Client NAT
Alteon Web switches provide NAT services to many clients with private IP addresses. In Web OS, an FTP enhancement provides the capability to perform true FTP NAT for dynamic NAT.

In active mode, an FTP client sends its own IP address on the control channel, which reveals the private IP address to the Internet. However, the switch filter performs NAT translation only on the TCP/IP header portion of the frame, so the address carried in the data is left untranslated and a client with a private IP address is prevented from doing active FTP.

The switch can monitor the control channel and replace the client's private IP address with a proxy IP address defined on the switch. When a client in active FTP mode sends a port command to a remote FTP server, the switch looks into the data part of the frame and modifies the port command as follows:

- The real server (client) IP address is replaced by a public proxy IP address. If VMA is enabled, a pool (1-8) of proxy IP addresses is used instead of a single one.
- The real server (client) port is replaced with a proxy port.
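The port command rewrite described above, as an added example that is not taken from the manual or from Web OS code. The names parse_port, build_port and PortRewriter, the sequential proxy port numbering starting at 50000, and the client address 10.10.10.5 are assumptions made for illustration; the proxy address is the public address shown in Figure 7-10.

```python
import re

# RFC 959 format: PORT h1,h2,h3,h4,p1,p2 (four address octets, then the
# port as high byte, low byte, all in ASCII decimal).
PORT_RE = re.compile(rb"^PORT (\d{1,3}(?:,\d{1,3}){5})\r\n$", re.IGNORECASE)

def parse_port(line):
    """Return (ip, port) from a PORT command line, or None if it is not one."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.group(1).split(b",")]
    if any(n > 255 for n in nums):
        return None  # malformed octet: do not treat as a PORT command
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def build_port(ip, port):
    """Encode (ip, port) back into a PORT command line."""
    return "PORT {},{},{}\r\n".format(ip.replace(".", ","), port >> 8, port & 0xFF).encode()

class PortRewriter:
    """Hypothetical model of the rewrite: one proxy IP, sequential proxy ports."""

    def __init__(self, proxy_ip, first_proxy_port=50000):  # port range is an assumption
        self.proxy_ip = proxy_ip
        self.next_port = first_proxy_port
        self.bindings = {}  # proxy port -> (private ip, private port)

    def outbound(self, line):
        """Rewrite a client control-channel line; return (new_line, length_delta)."""
        parsed = parse_port(line)
        if parsed is None:
            return line, 0  # not a PORT command: pass through unchanged
        proxy_port, self.next_port = self.next_port, self.next_port + 1
        self.bindings[proxy_port] = parsed
        new_line = build_port(self.proxy_ip, proxy_port)
        # The ASCII payload usually changes length, so a real device must also
        # adjust TCP sequence/acknowledgement numbers for the rest of the session.
        return new_line, len(new_line) - len(line)

    def inbound(self, proxy_port):
        """Map the server's data connection to the proxy port back to the client."""
        return self.bindings.get(proxy_port)

# Constructed sample: client 10.10.10.5 listening on port 1234 (4*256 + 210).
nat = PortRewriter("205.178.17.12")
rewritten, delta = nat.outbound(b"PORT 10,10,10,5,4,210\r\n")
print(rewritten, delta, nat.inbound(50000))
```

The non-zero length delta is why rewriting the payload is more involved than header-only NAT: every later segment on the control connection has to be renumbered to match.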
Figure 7-10 Active FTP for Dynamic NAT
[Figure labels: real servers 10.10.10.x (private network); hub; router; Internet; outbound filter: NAT source info to public address; inbound proxy on public address; public IP address 205.178.17.12 (pool of proxy IP addresses instead of a single proxy IP address).]