Date: Thu, 04 Sep 2003 02:37:47 +0200
From: Marcin Gryszkalis <mg@fork.pl>
To: ipfw@freebsd.org
Subject: punch_fw and passive mode
Message-ID: <3F56895B.9060309@fork.pl>

Hi

I have a little problem with natd's punch_fw option and passive mode
ftp clients connecting from inside of firewall (from behind nat).
It just does nothing for passive connection. For active mode 2 rules
are added and everything works ok.

I looked at the sources and it seems to be that way by design, there's
such piece of code in alias_ftp.c
-------------------------
    if (ntohs(tc->th_dport) == FTP_CONTROL_PORT_NUMBER) {
        /*
         * When aliasing a client, check for the PORT/EPRT command.
         */
        if (ParseFtpPortCommand(sptr, dlen))
            ftp_message_type = FTP_PORT_COMMAND;
        else if (ParseFtpEprtCommand(sptr, dlen))
            ftp_message_type = FTP_EPRT_COMMAND;
    } else {
        /*
         * When aliasing a server, check for the 227/229 reply.
         */
        if (ParseFtp227Reply(sptr, dlen))
            ftp_message_type = FTP_227_REPLY;
        else if (ParseFtp229Reply(sptr, dlen)) {
            ftp_message_type = FTP_229_REPLY;
            true_addr.s_addr = pip->ip_src.s_addr;
        }
    }
-------------------------

what would be broken if we remove this client-server if-else?
-------------------------
    if (ParseFtpPortCommand(sptr, dlen))
        ftp_message_type = FTP_PORT_COMMAND;
    else if (ParseFtpEprtCommand(sptr, dlen))
        ftp_message_type = FTP_EPRT_COMMAND;
    else if (ParseFtp227Reply(sptr, dlen))
        ftp_message_type = FTP_227_REPLY;
    else if (ParseFtp229Reply(sptr, dlen)) {
        ftp_message_type = FTP_229_REPLY;
        true_addr.s_addr = pip->ip_src.s_addr;
    }
-------------------------

regards
--
Marcin Gryszkalis
http://fork.pl
<><
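
Added example, not part of the original message and not libalias code: it runs the two dispatch variants quoted above over the same constructed control-channel segments, so the cases where their classification differs (a 227-shaped line sent towards port 21, a PORT-shaped line sent away from it) are visible. The parsers and the names parse_port, parse_227, classify_by_direction and classify_any_direction are simplified, hypothetical stand-ins that take NUL-terminated strings; EPRT/229 are omitted.

```c
#include <stdio.h>
#include <string.h>

#define FTP_CONTROL_PORT_NUMBER 21
enum { FTP_UNKNOWN, FTP_PORT_COMMAND, FTP_227_REPLY };

/* Simplified stand-in (assumption): six comma-separated fields, each 0..255. */
static int six_fields(const char *s) {
    unsigned v[6]; int i;
    if (sscanf(s, "%u,%u,%u,%u,%u,%u", &v[0], &v[1], &v[2], &v[3], &v[4], &v[5]) != 6)
        return 0;
    for (i = 0; i < 6; i++) if (v[i] > 255) return 0;
    return 1;
}
static int parse_port(const char *s) {   /* "PORT a,b,c,d,p1,p2" */
    return strncmp(s, "PORT ", 5) == 0 && six_fields(s + 5);
}
static int parse_227(const char *s) {    /* "227 text (a,b,c,d,p1,p2)" */
    const char *p = strchr(s, '(');
    return strncmp(s, "227 ", 4) == 0 && p != NULL && six_fields(p + 1);
}

/* Dispatch as in the quoted excerpt: destination port selects the parser. */
int classify_by_direction(unsigned dport, const char *s) {
    if (dport == FTP_CONTROL_PORT_NUMBER)
        return parse_port(s) ? FTP_PORT_COMMAND : FTP_UNKNOWN;
    return parse_227(s) ? FTP_227_REPLY : FTP_UNKNOWN;
}
/* Dispatch as in the proposed change: every parser runs on every segment. */
int classify_any_direction(const char *s) {
    if (parse_port(s)) return FTP_PORT_COMMAND;
    if (parse_227(s)) return FTP_227_REPLY;
    return FTP_UNKNOWN;
}

int main(void) {
    /* Constructed sample segments: destination port and control-channel payload. */
    static const struct { unsigned dport; const char *s; } t[] = {
        { 21,    "PORT 192,168,1,10,19,137\r\n" },
        { 21,    "227 Entering Passive Mode (10,0,0,5,19,137)\r\n" },
        { 40000, "227 Entering Passive Mode (10,0,0,5,19,137)\r\n" },
        { 40000, "PORT 192,168,1,10,19,137\r\n" },
    };
    size_t i;
    for (i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("dport=%-5u by_direction=%d any_direction=%d\n", t[i].dport,
               classify_by_direction(t[i].dport, t[i].s), classify_any_direction(t[i].s));
    return 0;
}
```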