From owner-freebsd-current@FreeBSD.ORG Fri Mar 7 20:33:38 2014 Return-Path: <owner-freebsd-current@FreeBSD.ORG> Delivered-To: freebsd-current@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id D2775A31 for <freebsd-current@freebsd.org>; Fri, 7 Mar 2014 20:33:38 +0000 (UTC) Received: from mx1.scaleengine.net (beauharnois2.bhs1.scaleengine.net [142.4.218.15]) by mx1.freebsd.org (Postfix) with ESMTP id AABB9BD0 for <freebsd-current@freebsd.org>; Fri, 7 Mar 2014 20:33:38 +0000 (UTC) Received: from [10.1.1.1] (S01060001abad1dea.hm.shawcable.net [50.70.146.73]) (Authenticated sender: allan.jude@scaleengine.com) by mx1.scaleengine.net (Postfix) with ESMTPSA id 91C3F65FAB for <freebsd-current@freebsd.org>; Fri, 7 Mar 2014 20:33:37 +0000 (UTC) Message-ID: <531A2D23.30907@allanjude.com> Date: Fri, 07 Mar 2014 15:33:39 -0500 From: Allan Jude <freebsd@allanjude.com> User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.3.0 MIME-Version: 1.0 To: freebsd-current@freebsd.org Subject: Re: ipfw: fetch doesn't reach ftp://fttp.sites.foo References: <20140307195719.654653c9.ohartman@zedat.fu-berlin.de> In-Reply-To: <20140307195719.654653c9.ohartman@zedat.fu-berlin.de> X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="U8uILPx6O0Ga7n167wLXOobmlWFCWtrvj" X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.17 Precedence: list List-Id: Discussions about the use of FreeBSD-current <freebsd-current.freebsd.org> List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-current>, <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe> List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/> List-Post: <mailto:freebsd-current@freebsd.org> List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help> List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-current>, <mailto:freebsd-current-request@freebsd.org?subject=subscribe> X-List-Received-Date: Fri, 07 Mar 2014 20:33:38 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --U8uILPx6O0Ga7n167wLXOobmlWFCWtrvj Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable On 2014-03-07 13:57, O. Hartmann wrote: >=20 > Recently I swaitched from pf to ipfw on some CURRENT boxes and for conv= enience I used the > "workstation" predefinition of FreeBSD. But with that change, all acces= s of ports via > fetch located at ftp-sites stopped passing the filter. >=20 > Even switching to "open" doesn't help and this is confusing me. >=20 > The CURRENT box in question is passing its traffic within a LAN through= a gateway running > also FreeBSD CURRENT, but with pf. The gateway is performing NAT. As lo= ng as the failing > client behind the gateway system is using pf as the filter, the traffic= for ftp seems to > pass through. On the gateway with pf as the default filter, the ports f= etching via > ftp-site their sources perform without problems. >=20 > What is up with IPFW? >=20 > Is their a solution? I tried to search google for "freebsd ipfw ftp" bu= t I didn't find > anything suitable targeting my problem or any problem of that kind. >=20 >=20 > Thanks in adavance, >=20 > Oliver=20 >=20 What error does fetch give? Is it having problems with DNS, connection to the FTP site, or just making the FTP DATA connection? Have you tried with 'passive' mode on/off? --=20 Allan Jude --U8uILPx6O0Ga7n167wLXOobmlWFCWtrvj Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJTGi0jAAoJEJrBFpNRJZKfXAgP/2oHjeTnQXub6j8mirvtulAO BYPjbA08NPS178VWKUkDTIKU9lFP+czXsqStbbpTjXCax0L0xr2l5IsNokakIJgN e3ubgxyLZ8UgzE0PkBzcmbvueT+OS0c+NFHGFIIe5wQar3bk1JBBrJI5+t9GEXPP fovv6PfTTl3pqfanKneKjOmkR3MOw/g5IjUv0jLk/0xkHcr+EK7PLUJlSbtJaD7r EOePxc5fAr4sKtKumNbyKnrkuPUebeEZvhZLYjmoKmBWjews/j9RccRAtz6W1gAV NpDhmuxywpkgleGTVSSPkBufLvh7hhOfkWN50pCG/9LJUzCd+8ixDI37S2C3j8FA HIGTsQp0X7Y+Unzju1lCbXybkrKc+iF3LrYj/hPGge/2xcdV0CFW0QU76b/O6tUw cNCE8OvicDY/FEQrqH1knk8fOYWkaR2ADG1tqkZ6jtizSmPh99F2/NwMGqVfFG9J ubV02he1GLCeqVxlgYyPZ9TJMhnlASZp/RHi+4CLOgAFPt1l2htZbLLM/o2sfxsq k0rO0mbC3YdO3AsOX9gOe71st+2it3qy4iCFyeAg8r55pQ19pVxvJQeqRei2DKFx HF8+5FLgcvBh+gcALDK7pV72Bf6g0v7PV2EaRDUPNbqxPYZnNj+PoJNAAu7SBDxk EsSTlFHLtu0fu5YDCRbi =dO/j -----END PGP SIGNATURE----- --U8uILPx6O0Ga7n167wLXOobmlWFCWtrvj--