From owner-freebsd-stable Thu Aug 17 22:34: 7 2000
Delivered-To: freebsd-stable@freebsd.org
Received: from po.monkeybrains.net (rudy-1.dsl.speakeasy.net [216.231.58.3])
	by hub.freebsd.org (Postfix) with ESMTP id C473E37B43E
	for ; Thu, 17 Aug 2000 22:34:03 -0700 (PDT)
Received: from monkeybrains.net (rururudy-0.dsl.speakeasy.net [216.231.57.142])
	by po.monkeybrains.net (8.9.3/8.9.3) with ESMTP id WAA34478;
	Thu, 17 Aug 2000 22:31:45 -0700 (PDT)
	(envelope-from rudybulk@monkeybrains.net)
Message-ID: <399CCCEB.8224CB45@monkeybrains.net>
Date: Thu, 17 Aug 2000 22:43:07 -0700
From: Rudy R
Organization: MonkeyBrains.net
X-Mailer: Mozilla 4.74 [en] (Win98; U)
X-Accept-Language: en,pdf
MIME-Version: 1.0
To: freebsd-stable@freebsd.org
Subject: ftpd problem fixed! Have the DIVERT sockets changed?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-stable@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

I finally (after about 4 hours of hitting my head on the wall) figured it
out. Simple really. I am running 'natd' on FreeBSD 4.1 ... The _out_going_
active connection is mapped to the masquerading IP of the box! I have a
setup where a box has 5 IPs on it and maps IPs for about 20 people behind
the firewall.

I added a new rule to my firewall (before the divert rule) which 'fixes'
the problem (rule #00090):

    00090     4      705 allow tcp from any 20 to any out xmit ed0
    00099    15     2937 divert 8668 ip from any to any via ed0

This rule lets anything from the FTP port out via my outside interface.

BTW, FreeBSD must have changed the way ipfw works, 'cause I was having no
problems a couple of months ago. I don't *think* that aliased IPs were
affected by the divert rule in 4.0. (I don't think they should be either!
Only traffic from my second interface, ed1, should get rewritten by natd.)

Rudy
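
An added example, not part of the original message: a minimal Python model of ipfw's first-match evaluation over the two rules quoted above, showing which outbound packets rule 00090 lets skip the divert rule. The addresses, the sample packets and the narrowed variant with a source network are assumptions made for illustration.

```python
# Added illustration, not the poster's code. Addresses are constructed
# (203.0.113.0/29 stands in for the box's aliased public IPs, 10.0.0.0/24
# for the hosts behind ed1).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass(frozen=True)
class Packet:
    proto: str       # "tcp", "udp", ...
    src: str         # source address
    sport: int       # source port
    direction: str   # "in" or "out"
    iface: str       # interface received on / transmitted via

@dataclass(frozen=True)
class Rule:
    number: int
    action: str                      # "allow" or "divert"
    proto: str                       # "ip" matches any protocol
    sport: Optional[int] = None      # "from any PORT"
    out_xmit: Optional[str] = None   # "out xmit IFACE"
    via: Optional[str] = None        # "via IFACE", either direction
    src_net: Optional[str] = None    # hypothetical tightening: "from NET PORT"

    def matches(self, p: Packet) -> bool:
        if self.proto not in ("ip", p.proto):
            return False
        if self.sport is not None and p.sport != self.sport:
            return False
        if self.out_xmit is not None and (p.direction, p.iface) != ("out", self.out_xmit):
            return False
        if self.via is not None and p.iface != self.via:
            return False
        if self.src_net is not None and ip_address(p.src) not in ip_network(self.src_net):
            return False
        return True

def first_match(rules, p: Packet) -> str:
    """Return 'NUMBER:ACTION' of the first matching rule, lowest number first."""
    for r in sorted(rules, key=lambda r: r.number):
        if r.matches(p):
            return f"{r.number}:{r.action}"
    return "65535:default"           # ipfw's built-in last rule

DIVERT = Rule(99, "divert", "ip", via="ed0")
AS_POSTED = [Rule(90, "allow", "tcp", sport=20, out_xmit="ed0"), DIVERT]
# Hypothetical variant: same rule limited to the box's own aliased addresses.
NARROWED = [Rule(90, "allow", "tcp", sport=20, out_xmit="ed0",
                 src_net="203.0.113.0/29"), DIVERT]

FTP_DATA = Packet("tcp", "203.0.113.2", 20, "out", "ed0")    # ftpd active data
INSIDE_P20 = Packet("tcp", "10.0.0.7", 20, "out", "ed0")     # forwarded from ed1
INSIDE_WEB = Packet("tcp", "10.0.0.7", 40000, "out", "ed0")  # forwarded from ed1
```

With the rule as posted, a forwarded packet from an inside host that happens to use source port 20 also matches 00090 and leaves ed0 without being rewritten by natd; the narrowed variant sends it to the divert rule again.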