From: "O. Hartmann"
To: FreeBSD CURRENT
Date: Fri, 7 Mar 2014 19:57:19 +0100
Subject: ipfw: fetch doesn't reach ftp://fttp.sites.foo
Message-ID: <20140307195719.654653c9.ohartman@zedat.fu-berlin.de>
Organization: FU Berlin
List-Id: Discussions about the use of FreeBSD-current

Recently I switched from pf to ipfw on some CURRENT boxes and for convenience I used the "workstation" predefinition of FreeBSD. But with that change, all access of ports via fetch located at ftp-sites stopped passing the filter. Even switching to "open" doesn't help and this is confusing me.

The CURRENT box in question is passing its traffic within a LAN through a gateway running also FreeBSD CURRENT, but with pf. The gateway is performing NAT. As long as the failing client behind the gateway system is using pf as the filter, the traffic for ftp seems to pass through. On the gateway with pf as the default filter, the ports fetching via ftp-site their sources perform without problems.

What is up with IPFW? Is there a solution? I tried to search Google for "freebsd ipfw ftp" but I didn't find anything suitable targeting my problem or any problem of that kind.

Thanks in advance,
Oliver