From owner-freebsd-security Wed Jun 13 14:59:19 2001
Message-ID: <03da01c0f454$313b3d50$0900a8c0@windows>
From: "Marcel Dijk"
To: "Crist Clark"
Cc: "Evren Yurtesen", "Antoine Beaupre (LMC)", "Thomas T. Veldhouse", "Jason DiCioccio"
References: <3B2698EF.BD7EF0DB@globalstar.com> <02a201c0f415$4dad56b0$0900a8c0@windows> <3B27D344.82AEDED0@globalstar.com>
Subject: Re: IPFW almost works now.
Date: Thu, 14 Jun 2001 00:00:00 +0200

> I realize that you are having no problem with your _control_ connection,
> your data connection is failing. I was interested in tcpdump(8) to make
> sure that the incoming data connection was actually making it to your
> server, or just to see what the heck was up with the data connection.

OK, here is the TCPDUMP output (I think this is the part you need):

23:52:17.607813 qn-213-73-145-189.quicknet.nl.61636 > cc13708-a.groni1.gr.nl.home.com.ftp: P 116:142(26) ack 497 win 8264 (DF)
23:52:17.608026 cc13708-a.groni1.gr.nl.home.com.ftp > qn-213-73-145-189.quicknet.nl.61636: . ack 142 win 17520 (DF) [tos 0x10]
23:52:17.718530 arp who-has cc53628-a.groni1.gr.nl.home.com tell r1-fe1-0-sec.groni1.gr.home.nl
23:52:17.729564 cc13708-a.groni1.gr.nl.home.com.2124 > 205.188.8.76.aol: P 1131:1206(75) ack 649 win 16579 (DF)
23:52:17.926538 cc13708-a.groni1.gr.nl.home.com.ftp > qn-213-73-145-189.quicknet.nl.61636: P 497:527(30) ack 142 win 17520 (DF) [tos 0x10]
23:52:18.017964 qn-213-73-145-189.quicknet.nl.61636 > cc13708-a.groni1.gr.nl.home.com.ftp: P 142:148(6) ack 527 win 8234 (DF)
23:52:18.020112 cc13708-a.groni1.gr.nl.home.com.ftp-data > qn-213-73-145-189.quicknet.nl.1626: S 1812366928:1812366928(0) win 16384 (DF) [tos 0x8]
23:52:18.065074 qn-213-73-145-189.quicknet.nl.1626 > cc13708-a.groni1.gr.nl.home.com.ftp-data: R 1812366928:1812366928(0) ack 1812366929 win 16384 (DF) [tos 0x8]
23:52:18.065191 205.188.8.76.aol > cc13708-a.groni1.gr.nl.home.com.2124: . ack 1206 win 16384 (DF)
23:52:18.116512 cc13708-a.groni1.gr.nl.home.com.ftp > qn-213-73-145-189.quicknet.nl.61636: . ack 148 win 17520 (DF) [tos 0x10]
23:52:18.170176 cc11639-a.groni1.gr.nl.home.com.1029 > 255.255.255.255.6963: udp 52
23:52:19.155212 0:50:f:21:f9:e6 > 1:80:c2:0:0:0 802.1d ui/C
>>> Unknown IPX Data: (43 bytes)
[000] 00 00 00 00 00 80 00 00 50 2A 99 34 05 00 00 00 ........ P*.4....
[010] 00 80 00 00 50 2A 99 34 05 80 47 00 00 14 00 02 ....P*.4 ..G.....
[020] 00 0F 00 0F 47 72 6F 6E 69 6E 67 ....Gron ing
len=43
0000 0000 0080 0000 502a 9934 0500 0000
0080 0000 502a 9934 0580 4700 0014 0002
000f 000f 4772 6f6e 696e 67

I hope you can understand that more than I can...

And here is the output of IPFW.LOG:

Jun 13 23:41:47 FreeBSD /kernel: ipfw: 615 Accept TCP 213.73.145.189:61617 213.51.193.168:5617 in via ed0
Jun 13 23:41:49 FreeBSD last message repeated 9 times
Jun 13 23:41:49 FreeBSD /kernel: ipfw: limit 10 reached on entry 615

I don't see any blocked packets but maybe you know why it's possible to
connect to the FTP server but the server can't send info back to the
client. It's not working in passive and normal mode...

Hope you can help,

Marcel
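
The check asked for in the quoted text (is the data connection getting through, and what happens to it) can be run mechanically over a capture like the one above. The following is an added example, not part of the original message: it pairs each initial SYN with the first packet coming back from the peer and reports the ones answered by an RST. The function names are hypothetical and the sample lines are copied from the capture in the message.

```python
import re

# Old-style tcpdump text output: "TIME SRC > DST: FLAGS ..." where FLAGS is a
# run of S/F/R/P or "." (no flags set). ARP, UDP and 802.1d lines do not match.
TCP_LINE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): (?P<flags>[SFRP.]+) ")

# Sample input: lines copied from the capture in the message above.
CAPTURE = [
    "23:52:18.017964 qn-213-73-145-189.quicknet.nl.61636 > cc13708-a.groni1.gr.nl.home.com.ftp: P 142:148(6) ack 527 win 8234 (DF)",
    "23:52:18.020112 cc13708-a.groni1.gr.nl.home.com.ftp-data > qn-213-73-145-189.quicknet.nl.1626: S 1812366928:1812366928(0) win 16384 (DF) [tos 0x8]",
    "23:52:18.065074 qn-213-73-145-189.quicknet.nl.1626 > cc13708-a.groni1.gr.nl.home.com.ftp-data: R 1812366928:1812366928(0) ack 1812366929 win 16384 (DF) [tos 0x8]",
    "23:52:17.718530 arp who-has cc53628-a.groni1.gr.nl.home.com tell r1-fe1-0-sec.groni1.gr.home.nl",
    "23:52:18.170176 cc11639-a.groni1.gr.nl.home.com.1029 > 255.255.255.255.6963: udp 52",
]

def parse(line):
    """Return (timestamp, src, dst, flags) for a TCP line, None for anything else."""
    m = TCP_LINE.match(line)
    return (m["ts"], m["src"], m["dst"], m["flags"]) if m else None

def refused_syns(lines):
    """Return (syn_time, rst_time, initiator, peer) for every SYN answered by an RST."""
    pending = {}   # (initiator, peer) -> timestamp of a SYN with no reply seen yet
    refused = []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, src, dst, flags = rec
        if "S" in flags and " ack " not in line:
            pending[(src, dst)] = ts           # initial SYN (a SYN-ACK carries "ack")
        elif (dst, src) in pending:
            syn_ts = pending.pop((dst, src))   # first reply from the peer settles it
            if "R" in flags:
                refused.append((syn_ts, ts, dst, src))
    return refused

if __name__ == "__main__":
    for syn_ts, rst_ts, initiator, peer in refused_syns(CAPTURE):
        kind = "active-mode FTP data" if initiator.endswith(".ftp-data") else "TCP"
        print(f"{kind} SYN {initiator} -> {peer} at {syn_ts} reset at {rst_ts}")
```

On the sample lines it reports one connection: the SYN from the server's ftp-data port to client port 1626 at 23:52:18.020112, answered by an RST from the client's address at 23:52:18.065074.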