[150246] in North American Network Operators' Group

Re: Common operational misconceptions

daemon@ATHENA.MIT.EDU (Owen DeLong)
Mon Feb 20 05:07:18 2012

From: Owen DeLong <owen@delong.com>
In-Reply-To: <20120220012144.D239C1D9D0AE@drugs.dv.isc.org>
Date: Mon, 20 Feb 2012 02:04:21 -0800
To: Mark Andrews <marka@isc.org>
Cc: "nanog@nanog.org" <nanog@nanog.org>, Joe Greco <jgreco@ns.sol.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org


On Feb 19, 2012, at 5:21 PM, Mark Andrews wrote:

> 
> In message <201202200107.q1K17W5l000294@aurora.sol.net>, Joe Greco writes:
>>>> I have running code to make the reverse translations, with
>>>> which protocols such as ftp with PORT commands are working.
>>> 
>>> No, I think you do not understand...
>>> 
>>> I have a NAT gateway with a single public address.
>>> 
>>> I have 15 FTP servers and 22 web servers behind it.
>>> 
>>> I want people to be able to go to ftp://<hostname> and/or
>>> http://<hostname> for each of them.
>> 
>> Owen,
>> 
>> Your suggestion here would set many "security experts" heads on fire.
>> 
>> Whatever will they do when NAT doesn't make such things virtually
>> impossible?
>> 
>> :-)
> 
> Time to write "How to use SRV with FTP".  CGN is going to push
> the extension of a whole lot of protocols.

That would be the worst case scenario, actually.

Owen


