curl-users

Re: curl vs. socks5

From: Jochen Hayek <Jochen+curl_at_Hayek.name>
Date: Mon, 12 Feb 2007 15:50:59 +0100

>>>>> "DS" == Daniel Stenberg <daniel_at_haxx.se> writes:

Hi, Daniel,

maybe our communication speed is a little too fast,
so we miss out a few details,
when we respond.
(Yes, this may also apply to me.)
But actually I think I do understand what you are trying to explain,
and I also had your concerns,
but I am convinced that socksify + socks-host + a NAT router together do "the right things".

I don't want to sound insulting,
I am seriously very grateful for your help in general and especially the help and the "dedication" I experience from you.
So please forgive me if I should sound a little harsh!

    DS> On Mon, 12 Feb 2007, Jochen Hayek wrote:

    DS> Yes, you tell the server to connect to a private IP address:

    DS> PORT 10,0,4,119,180,254

>> Yes, it looks like that -- but when the socks server goes through
>> the NAT router, everything is fine.

    DS> The fact that this works with "socksify" is then only because that
    DS> translates this address to before it reaches the FTP server.

Right, "socksify" replaces my *client* *host*'s private IP address by my *socks* *host*'s private IP address.

But (as my previous posting tried to show) socksify also does this for curl -- and still curl does know, what I expect it to do.

And "curl --socks ..." also applies this replacement -- still to no final success.

And the "*magical*" translation from private addresses (i.e. the private address of my socks server) to my static public IP address
is done by the NAT server,
that's what NAT servers unexpectedly do nowadays.
(I was surprised myself.)

    DS> curl doesn't magically translate for you,
    DS> but expects you to set the
    DS> address it should use if the default isn't good enough.

    DS> This isn't strictly a SOCKS issue.

>> Today's NAT routers are wonderful little (Linux) machines :-)

    DS> Perhaps, but this problem has nothing to do with the actual NAT or
    DS> what OS it runs...
    DS> The problem is related to you using NAT
    DS> and passing a private address to an outside server

No, dear friend!
That's exactly what you should understand:
The NAT server does this translation from private inside addresses and ports to that public address
and also the reverse!!

    DS> that can't reach you back on that address.

>> So that private IP address should not be a problem.

    DS> Yes it should. Unless you introduce a middle-man that translates it for you.

The NAT router.
Try it yourself!
I assume *your* NAT router has similar capabilities.

    DS> BTW, protocol-wise, when you use SOCKS for an outgoing
    DS> connection to an FTP server,
    DS> is SOCKS involved in any way on the incoming "active"
    DS> connection then?

Sure, yes.
And I have proof for that.
E.g. the FTP client's protocol, that I supplied you with, shows exactly that.

Actually my socks server ("dante") only did the right thing
after getting a patch applied last week,
but it does that now.

Cheers,
Jochen
Received on 2007-02-12
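
An added example, not part of the original mail and not code from curl, socksify or dante: it decodes the `PORT 10,0,4,119,180,254` argument quoted in the thread and shows the rewrite a translating middle-man would have to apply to that control-channel line before it reaches the FTP server. The function names, the public address 203.0.113.7 (a documentation address) and the optional port mapping are assumptions made for illustration.

```python
import ipaddress

# RFC 1918 private ranges: addresses an outside FTP server cannot connect back to.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port_arg(arg):
    """Decode an FTP PORT argument 'h1,h2,h3,h4,p1,p2' into (IPv4Address, port)."""
    fields = [f.strip() for f in arg.split(",")]
    if len(fields) != 6 or not all(f.isdigit() for f in fields):
        raise ValueError("PORT needs six numeric fields: %r" % arg)
    nums = [int(f) for f in fields]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range 0-255: %r" % arg)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2

def format_port_arg(ip, port):
    """Encode (ip, port) back into the six-field PORT argument."""
    if not 0 < port < 65536:
        raise ValueError("port out of range: %r" % port)
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ",".join(octets + [str(port >> 8), str(port & 0xFF)])

def is_rfc1918(ip):
    return any(ip in net for net in RFC1918)

def rewrite_port_command(line, public_ip, port_map=None):
    """Rewrite a PORT line that advertises a private address.

    public_ip and port_map (inside port -> outside port) stand for the
    translation state a middle-man would hold; both are hypothetical inputs.
    Other commands and PORT lines with non-private addresses pass unchanged.
    """
    line = line.strip()
    verb, _, arg = line.partition(" ")
    if verb.upper() != "PORT":
        return line
    ip, port = parse_port_arg(arg)
    if not is_rfc1918(ip):
        return line
    outside_port = (port_map or {}).get(port, port)
    return "PORT " + format_port_arg(public_ip, outside_port)

if __name__ == "__main__":
    quoted = "PORT 10,0,4,119,180,254"           # line quoted in the thread
    print(parse_port_arg(quoted.split(" ", 1)[1]))
    print(rewrite_port_command(quoted, "203.0.113.7"))  # constructed address
```
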