Common operational misconceptions

Owen DeLong owen at delong.com
Mon Feb 20 04:04:21 CST 2012


On Feb 19, 2012, at 5:21 PM, Mark Andrews wrote:

> 
> In message <201202200107.q1K17W5l000294 at aurora.sol.net>, Joe Greco writes:
>>>> I have running code to make the reverse translations, with
>>>> which protocols such as ftp with PORT commands are working.
>>> 
>>> No, I think you do not understand...
>>> 
>>> I have a NAT gateway with a single public address.
>>> 
>>> I have 15 FTP servers and 22 web servers behind it.
>>> 
>>> I want people to be able to go to ftp://<hostname> and/or =
>>> http://<hostname> for each of them.
>> 
>> Owen,
>> 
>> Your suggestion here would set many "security experts" heads on fire.
>> 
>> Whatever will they do when NAT doesn't make such things virtually
>> impossible?
>> 
>> :-)
> 
> Time to write "How to use SRV with FTP".  CGN is going to push
> the extension of a whole lot of protocols.

That would be the worst case scenario, actually.

Owen




More information about the NANOG mailing list