Date: Wed, 13 Jun 2001 15:35:33 -0700 From: "Crist Clark" <crist.clark@globalstar.com> To: Marcel Dijk <nascar24@home.nl> Cc: Evren Yurtesen <yurtesen@ispro.net.tr>, "Antoine Beaupre (LMC)" <Antoine.Beaupre@ericsson.ca>, "Thomas T. Veldhouse" <veldy@veldy.net>, Jason DiCioccio <Jason.DiCioccio@Epylon.com>, freebsd-security@FreeBSD.ORG Subject: Re: IPFW almost works now. Message-ID: <3B27EAB5.3FE48A6C@globalstar.com> References: <Pine.BSF.4.33.0106130001350.63354-100000@finland.ispro.net.tr> <3B2698EF.BD7EF0DB@globalstar.com> <02a201c0f415$4dad56b0$0900a8c0@windows> <3B27D344.82AEDED0@globalstar.com> <03da01c0f454$313b3d50$0900a8c0@windows>
next in thread | previous in thread | raw e-mail | index | archive | help
Marcel Dijk wrote: > > > I realize that you are having no problem with your _control_ connection, > > your data connection is failing. I was interested in tcpdump(8) to make > > sure that the incoming data connection was actually making it to your > > server, or just to see what the heck was up with the data connection. > > OK, here is the TCPDUMP output (I think this is the part you need): OK, we got your control connection some AIM traffic and IPX, all with some hideous auto-line-wrapping, but there looks to be a data connection problem in there too. [snip, format recovered] > 23:52:18.020112 cc13708-a.groni1.gr.nl.home.com.ftp-data > qn-213-73-145-189.quicknet.nl.1626: S 1812366928:1812366928(0) win 16384 <mss 1460> (DF) [tos 0x8] > 23:52:18.065074 qn-213-73-145-189.quicknet.nl.1626 > cc13708-a.groni1.gr.nl.home.com.ftp-data: R 1812366928:1812366928(0) ack 1812366929 win 16384 <mss 1460> (DF) [tos 0x8] [snip] The client, qn-213-73-145-189.quicknet.nl, is rejecting the incoming data connection attempt. This looks like a failed PORT (active FTP) attempt where we have a _client_ problem, not a problem at your FTP server. Hmmm, pretty fast net there, 45 ms. > I hope you can understand that more than I can... > > And here is the output of IPFW.LOG: > > Jun 13 23:41:47 FreeBSD /kernel: ipfw: 615 Accept TCP 213.73.145.189:61617 > 213.51.193.168:5617 in via ed0 > Jun 13 23:41:49 FreeBSD last message repeated 9 times > Jun 13 23:41:49 FreeBSD /kernel: ipfw: limit 10 reached on entry 615 None of this traffic is seen in the dump you sent. This might be a PASV (passive) attempt? -- Crist J. Clark Network Security Engineer crist.clark@globalstar.com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact postmaster@globalstar.com To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3B27EAB5.3FE48A6C>