Date: Tue, 6 Aug 2002 13:22:56 -0500
From: David Kelly
To: freebsd-ipfw@freebsd.org
Subject: natd dies on attempt to open non-passive ftp
Message-ID: <20020806182256.GA52948@grumpy.dyndns.org>

Very closely related to ipfw, natd.

After the spate of ssh announcements last week I upgraded the office FreeBSD firewall/router to the latest RELENG_4 as of the morning of August 1. Is still using the default ipfw.

My natd.conf file is thus:

log_facility security
log_denied yes
dynamic yes
use_sockets yes
same_ports yes
punch_fw 2610:90

Passive ftp has never worked for me thru IPFW/divert/natd but non-passive ftp works peachy. Until today when we dropped off the internet when I thought to visit ftp://ftp.cdrom.com/.

Having tried passive and non-passive several times now I never see an entry listed in "ipfw list" when I attempt a passive connection. Then again it doesn't get thru either. And doesn't kill natd.

Non-passive I can get all the way thru login. Natd dies on opening a data connection such as "ls". No rules added in ipfw between 2610 and 2699. No message in /var/log/messages. No .core files.

Am going to have a go at ipfw2. Currently suspect some of the changes to support ipfw2 have inadvertently touched ipfw1 but sniffing around I can't find them.

-- 
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
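
Added example, not part of the original message: a shell sketch of the check described above. It derives the rule-number range from the punch_fw basenumber:count line (2610:90 covers 2610 through 2699) and lists any ipfw rules in that range. The function names, the sample rule list and the /etc/natd.conf path are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message).

# Read natd.conf text on stdin; print "first last" rule numbers covered by
# punch_fw basenumber:count. Exit status 1 if there is no valid punch_fw line.
punch_range() {
    awk '$1 == "punch_fw" && $2 ~ /^[0-9]+:[0-9]+$/ {
             split($2, p, ":")
             if (p[2] + 0 > 0) { print p[1] + 0, p[1] + p[2] - 1; found = 1; exit }
         }
         END { if (!found) exit 1 }'
}

# Read `ipfw list` output on stdin; print rules numbered $1..$2 inclusive.
rules_in_range() {
    awk -v lo="$1" -v hi="$2" \
        '$1 ~ /^[0-9]+$/ && $1 + 0 >= lo + 0 && $1 + 0 <= hi + 0'
}

# Constructed sample data: the natd.conf from the message, and made-up rules
# in the general shape of `ipfw list` output (not captured from a real host).
SAMPLE_NATD_CONF='log_facility security
log_denied yes
dynamic yes
use_sockets yes
same_ports yes
punch_fw 2610:90'

SAMPLE_IPFW_LIST='00100 divert 8668 ip from any to any via fxp0
02610 allow tcp from 192.0.2.10 20 to 10.0.0.5 1042
02700 allow ip from any to any
65535 deny ip from any to any'

# Count the rules inside the punch_fw range; 0 matches what the message reports.
punched_count() {   # $1 = natd.conf text, $2 = ipfw list text
    range=$(printf '%s\n' "$1" | punch_range) || return 1
    # Unquoted on purpose: $range splits into "first" and "last".
    printf '%s\n' "$2" | rules_in_range $range | wc -l | tr -d ' '
}

echo "punch_fw range: $(printf '%s\n' "$SAMPLE_NATD_CONF" | punch_range)"
echo "rules in range: $(punched_count "$SAMPLE_NATD_CONF" "$SAMPLE_IPFW_LIST")"
# On a live host (assumed path): ipfw list | rules_in_range $(punch_range < /etc/natd.conf)
```

Running the live-host form while an active-mode data connection is being opened shows whether natd installed a temporary rule in the punch_fw range before it exited.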