From owner-freebsd-bugs Sun Jun 4 20:10: 6 2000 Delivered-To: freebsd-bugs@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 36B3537B64E for ; Sun, 4 Jun 2000 20:10:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id UAA24213; Sun, 4 Jun 2000 20:10:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org) Received: from panzer.kdm.org (panzer.kdm.org [216.160.178.169]) by hub.freebsd.org (Postfix) with ESMTP id 0EBAD37B9F9 for ; Sun, 4 Jun 2000 20:07:28 -0700 (PDT) (envelope-from ken@panzer.kdm.org) Received: (from ken@localhost) by panzer.kdm.org (8.9.3/8.9.1) id VAA33671; Sun, 4 Jun 2000 21:07:27 -0600 (MDT) (envelope-from ken) Message-Id: <200006050307.VAA33671@panzer.kdm.org> Date: Sun, 4 Jun 2000 21:07:27 -0600 (MDT) From: ken@kdm.org Reply-To: ken@kdm.org To: FreeBSD-gnats-submit@freebsd.org X-Send-Pr-Version: 3.2 Subject: bin/19008: fetch -p doesn't use passive mode Sender: owner-freebsd-bugs@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 19008 >Category: bin >Synopsis: fetch -p doesn't use passive mode >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Sun Jun 04 20:10:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Kenneth D. Merry >Release: FreeBSD 5.0-CURRENT i386 >Organization: KDM Enterprises >Environment: -current box as of about May 20th, 2000. >Description: fetch -p doesn't fetch files using passive mode ftp, although if you set the FTP_PASSIVE_MODE variable to "yes", it will. Using capital P instead of lower case p doesn't make any difference. (The code is the same in the fetch source anyway.) >How-To-Repeat: Configure a machine with a firewall that denies most incoming packets, or even just incoming packets from port 20. Try fetching a file with passive mode ftp, like this: fetch -p ftp://ftp.freebsd.org/pub/FreeBSD/README.TXT Watch the firewall logs: ipfw: 1040 Deny TCP 209.155.82.20:20 A.B.C.D:49159 in via de0 ipfw: 1040 Deny TCP 209.155.82.20:20 A.B.C.D:49159 in via de0 ipfw: 1040 Deny TCP 209.155.82.20:20 A.B.C.D:49159 in via de0 ipfw: 1040 Deny TCP 209.155.82.20:20 A.B.C.D:49159 in via de0 Obviously fetch used active mode instead of passive mode. In passive mode, the client connects to the server, not vice versa, as my firewall logs show. Interestingly enough, if you set FTP_PASSIVE_MODE to "yes", fetch will get files in passive mode. >Fix: I don't have a fix. I looked into this a little bit, and it looks like the problem is likely somewhere in libftpio, but it wasn't obvious to me at first glance what the problem is. >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message