[QUESTION] - Reasons why NAT workaround works only for private IP

[nejcgalof]

Short question:: Why does the NAT workaround work only for private IPs?

I am having problems using the NAT workaround and private IP addresses. Some FTP servers for file exchange in passive mode return the TCP address 0.0.0.0 with a specific port. The device and server are in the same network subnet.

We need to resolve that 0.0.0.0 address by using the peer_addr() function, which returns the socket address of the remote peer of this TCP connection. This means, in our case, that 0.0.0.0 transforms into the actual IP. Here is also the idea of the NAT workaround. In the code, we can see what are the conditions to do that. We need to set the nat workaround, and the IP (which the FTP server gives us) needs to be private. We need to resolve that 0.0.0.0 address by using the peer_addr() function, which returns the socket address of the remote peer of this TCP connection. This means, in our case, that 0.0.0.0 transforms into the actual IP. Here is also the idea of the NAT workaround.

The problem is that 0.0.0.0 is not a private IP, which means that we can not resolve it.

If I remove the checking && ip.is_private() in the code, the resolving works nicely, and I can transfer data to the FTP server.

Additional helps:

• For easier testing, you can use the dockerized FTP server with the default settings in vsftpd.conf. The server returns the IP 0.0.0.0.
• I also tried the Python script with ftplib.FTP library, where the library successfully resolves the IP with the same network setup. Suppaftp works differently with that resolving.