[150234] in North American Network Operators' Group
Re: Common operational misconceptions
daemon@ATHENA.MIT.EDU (Mark Andrews)
Sun Feb 19 20:23:01 2012
To: Joe Greco <jgreco@ns.sol.net>
From: Mark Andrews <marka@isc.org>
In-reply-to: Your message of "Sun, 19 Feb 2012 19:07:32 MDT."
<201202200107.q1K17W5l000294@aurora.sol.net>
Date: Mon, 20 Feb 2012 12:21:44 +1100
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
In message <201202200107.q1K17W5l000294@aurora.sol.net>, Joe Greco writes:
> > > I have running code to make the reverse translations, with
> > > which protocols such as ftp with PORT commands are working.
> >
> > No, I think you do not understand...
> >
> > I have a NAT gateway with a single public address.
> >
> > I have 15 FTP servers and 22 web servers behind it.
> >
> > I want people to be able to go to ftp://<hostname> and/or =
> > http://<hostname> for each of them.
>
> Owen,
>
> Your suggestion here would set many "security experts" heads on fire.
>
> Whatever will they do when NAT doesn't make such things virtually
> impossible?
>
> :-)
Time to write "How to use SRV with FTP". CGN is going to push
the extension of a whole lot of protocols.
Mark
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka@isc.org
