From owner-freebsd-pf@FreeBSD.ORG Wed Nov 16 00:24:19 2005 Return-Path: X-Original-To: freebsd-pf@freebsd.org Delivered-To: freebsd-pf@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id B6DF316A41F for ; Wed, 16 Nov 2005 00:24:19 +0000 (GMT) (envelope-from schoch6@gmail.com) Received: from zproxy.gmail.com (zproxy.gmail.com [64.233.162.199]) by mx1.FreeBSD.org (Postfix) with ESMTP id 55DFD43D45 for ; Wed, 16 Nov 2005 00:24:19 +0000 (GMT) (envelope-from schoch6@gmail.com) Received: by zproxy.gmail.com with SMTP id k1so1576510nzf for ; Tue, 15 Nov 2005 16:24:18 -0800 (PST) DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:sender:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=txmiFtlLJZi2Bb2ECTKohgB/CyxpN2bH9QKkeh3aSzHvxPtyUoq7R3HJfd0/e2dW5rLnjhBelxxjdirYZD6iYO4KGo97Sx9RO71i4IKGQvKCi9eF4/xRJGney6Sjl5dr7SfxYX58ZISkrGK/F6jZzCYrbv5mMeYVieevU9ySpBM= Received: by 10.36.247.5 with SMTP id u5mr5627660nzh; Tue, 15 Nov 2005 16:24:18 -0800 (PST) Received: by 10.36.101.18 with HTTP; Tue, 15 Nov 2005 16:24:18 -0800 (PST) Message-ID: <6650332b0511151624g6333cae6md931f95ea71e6572@mail.gmail.com> Date: Tue, 15 Nov 2005 16:24:18 -0800 From: Steven Schoch Sender: schoch6@gmail.com To: freebsd-pf@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable Content-Disposition: inline Subject: Another problem with ftp-proxy X-BeenThere: freebsd-pf@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: "Technical discussion and general questions about packet filter \(pf\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 16 Nov 2005 00:24:19 -0000 This one seems to be caused by a mis-behaving FTP client, in this case ClickTracks. But ftp-proxy looks like it's doing something wrong. Here are a few lines from the logfile: Nov 15 16:05:01 freebsd ftp-proxy[27010]: client line buffer is "STRU F^M " Nov 15 16:05:01 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:01 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:01 freebsd ftp-proxy[27010]: server line buffer is "200 Structure okay.^M " Nov 15 16:05:01 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:01 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:01 freebsd ftp-proxy[27010]: client line buffer is "CWD " Nov 15 16:05:01 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:01 freebsd ftp-proxy[27010]: client line buffer is "^M " Nov 15 16:05:01 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:03 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:03 freebsd ftp-proxy[27010]: server line buffer is "501 Syntax error in parameters.^M " Nov 15 16:05:03 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:03 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:03 freebsd ftp-proxy[27010]: client line buffer is "PASV^M " Nov 15 16:05:03 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:06 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:06 freebsd ftp-proxy[27010]: server line buffer is "500 Syntax error, command unrecognized.^M " Nov 15 16:05:06 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:06 freebsd ftp-proxy[27010]: client is alive; server is alive Nov 15 16:05:06 freebsd ftp-proxy[27010]: server line buffer is "227 Entering Passive Mode (209,197,97,252,208,116)^M " Notice that most of the client line buffers end in ^M, which I assume is a good clue that the next character is a newline, but the "CWD" line seems to be split in two, which results in two responses from the server: "501 Syntax error" and "500 Syntax error". The client seems to handle the first 501 error ok, but since the 500 error is still in its buffer, it sees that as an error to the "PASV" command. Anyone else seen this? -- Steve