cURL / Mailing Lists / curl-users / Single Mail

curl-users

Re: curl vs. socks5

From: Jochen Hayek <Jochen+curl_at_Hayek.name>
Date: Mon, 12 Feb 2007 19:14:14 +0100

>>>>> "DB" == Daniel Beardsmore <public_at_telcontar.net> writes:

>> No, dear friend!
>> That's exactly what you should understand: The NAT server does this
>> translation from private inside addresses and ports to that public
>> address and also the reverse!!
>>
>> The NAT router.
>> Try it yourself!
>> I assume *your* NAT router has similar capabilities.

    DB> I don't know that they all do, you know.
    DB> I have a LinkSys EtherFast BEFSR41
    DB> and as far as I know, it doesn't alter any packets at all.

Wrong.
This is exactly, what makes the difference between a NAT router and a standard (non-NAT) router:
The NAT router alters outgoing packets -- it replaces private IP adresses by its (the NAT router's) public IP address.
a non-NAT router doesn't.
A NAT-router keeps a memory of which private IP address communicated with whom outside,
so that it will be able to alter incoming packets appropriately.

If it wouldn't do all that,
how do you think you would get any response on a private IP address going through a router?

    DB> It's certainly a feature of some, but not all.

No, of all of them.

Just that some of them are not perfect and "a little" buggy.

The "active mode" issue is actually more an issue of proxies,
that you cannot influce -- they might prefer "passive mode" and not fall back to "active mode",
and actually a security issue of yourself.
Anybody could try to connect to you on port 20 (the FTP data port),
and because we want to avoid that nowadays, "passive mode" is preferred.

    DB> We had a NAT router at work that wasn't doing packet twiddling, either,
    DB> I think I recall,
    DB> and that caused a lot of problems for FTP.

You're not talking about proxies and FTP?!? Are you?

    DB> [...]

J.
Received on 2007-02-12