Question FTP and NAT Question (Conceptual)

[Terpinator]

During my studies I am having a tough time wrapping my head around something. This is my understanding based on the explanation I read, so it is entirely possible that I just have it entirely wrong.

My current understanding is that with Active FTP, an FTP client send out to port 21. (So my understanding is the source port would be an arbitrary port # and the destination port is port 21).
The FTP server send back with the destination port of the ephemeral port number and a source port of 20.

If the destination port is the same as the client made it when sending it out, why is it that NAT cannot translate it back to the private IP/port and determine the correct device to send the information to.

For example if the client had a socket of 192.168.1.50:10000 and NAT translates that to Public IP:65987, and then the NAT router receives a reply from the FTP server to Public IP:65987, I am not sure why NAT can't translate it back to the correct device even though the source port on the server side changed.

 

[Ralston18]

Not really certain about the phrasing of your question:

" I am not sure why NAT can't translate it back to the correct device even though the source port on the server side changed" [ Did you mean "did not change"?]

Will a bit blindly crawl out on the proverbial limb here just to sort of work out the question and answer(s).

As long as the server's outgoing packet is addressed to the correct destination device it should not matter which outgoing source port was used on the server.

 

[Terpinator]

Maybe this will help. Below is the word for word explanation I am getting hung up on. The wording is just confusing me.

"Remember that FTP uses TCP ports 20 and 21? Well, when your client sends an FTP request, it goes out on port 21. When your FTP server responds, however, it sends the data back using an ephemeral destination port and port 20 as a source port.

Active FTP works great unless your client uses NAT. Since your client didn't initiate the incoming port 20, your NAT router has no idea where to send this incoming packet."

I was under the assumption that the ephemeral destination port was the one set by the client which would be listed in the NAT table. I am just getting lost at the point where the NAT router doesn't know where to send the packet.

EDIT: I must have mistakenly placed this in the apps/software section. I meant to post it to the Networking forum.

 

[Terpinator]

I figured it out. I was just asking the question in an odd way. NAT doesn't know what to do with it because the NAT table will show the translated IP/port for the connection initiated to port 21 from the client side for the control connection. However, when the server attempts to open a connection using port 20 for the data stream, NAT does not have an entry in its table matching a connection that has port 20 open, and thus has no idea where to send the packet.