Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 6 Aug 2002 17:36:44 -0500
From:      David Kelly <dkelly@hiwaay.net>
To:        Luigi Rizzo <rizzo@icir.org>
Cc:        freebsd-ipfw@FreeBSD.ORG
Subject:   Re: natd dies on attempt to open non-passive ftp
Message-ID:  <20020806223644.GA53755@grumpy.dyndns.org>
In-Reply-To: <20020806192048.GA53166@grumpy.dyndns.org>
References:  <20020806182256.GA52948@grumpy.dyndns.org> <20020806184126.GA53108@grumpy.dyndns.org> <20020806114516.A33595@iguana.icir.org> <20020806192048.GA53166@grumpy.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Tue, Aug 06, 2002 at 02:20:48PM -0500, David Kelly wrote:
> On Tue, Aug 06, 2002 at 11:45:16AM -0700, Luigi Rizzo wrote:
> 
> Will report back success or failure, after I clean up my own mess.

Mostly false alarm. Problem mixing HEAD and RELENG_4 as of last week.
Pure RELENG_4 as of this morning works as correct as it ever did. No
IPFW2 features enabled.

Playing with passive and non-passive ftp, natd/libalias does not see
passive ftp attempts from MacOS X/Darwin's CLI ftp client. Non-passive
ftp works fine as this snapshot of transient rules show:

02500    3    180 allow log tcp from any 1024-65535 to any 21 in recv fxp0 setup
02600    3    180 allow log tcp from any 1024-65535 to any 21 out xmit fxp1 setup
02615    0      0 allow tcp from 10.0.0.22 49193 to 62.243.72.50 20
02615    2    120 allow tcp from 62.243.72.50 20 to 10.0.0.22 49193
02617    0      0 allow tcp from 10.0.0.22 49194 to 62.243.72.50 20
02617    2    120 allow tcp from 62.243.72.50 20 to 10.0.0.22 49194

As I understand rules 2615 and 2617 would support passive ftp, if that
is what was happening?

-- 
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020806223644.GA53755>