From: "J.R. Oldroyd"
To: Max Laier
Cc: Remko Lodder, freebsd-current@freebsd.org
Date: Fri, 14 Dec 2007 17:55:41 -0500
Subject: Re: deprecate ftp-proxy in favor of ftp/pftpx
Message-ID: <20071214175541.158bfa29@linwhf.opal.com>
In-Reply-To: <200712142322.29072.max@love2party.net>

On Fri, 14 Dec 2007 23:22:22 +0100, Max Laier wrote:
>
> from src/UPDATING:
>
> 20070702:
>         The packet filter (pf) code has been updated to OpenBSD 4.1 Please
>         note the changed syntax - keep state is now on by default. Also
>         note the fact that ftp-proxy(8) has been changed from bottom up and
>         has been moved from libexec to usr/sbin. Changes in the ALTQ
>         handling also affect users of IPFW's ALTQ capabilities.
>
> I'm afraid it hasn't made its way to the Release notes, yet.
>
> The ftp-proxy(8) manpage provides configuration examples and details.
>

Ah, I have found the problem.

Admittedly, I was under the impression that the proxy host here had
been upgraded to 7.0; this turns out to be not the case. The ftp-proxy
host in question is one of the few here that has not yet been upgraded
from 6.2 to 7.0. It is therefore still running the OpenBSD 3.7-derived
ftp-proxy.

A bunch of desk/laptops here have recently been upgraded to 7.0 and
with that came recent versions of firefox. I gather that a change in
firefox documented here:

    http://www.mozilla.org/security/announce/2007/mfsa2007-11.html

no longer permits the behavior of ftp-proxy in changing the data port,
making recent versions of firefox incompatible with the old ftp-proxy.
That's why firefox appeared to stop working.

I do see that the ftp-proxy on 7.0 has been changed and that the man
page does look rather like the one for pftpx, so I now see that what
you're saying, Max, looks right.

The problem I ran into, that of having new 7.0 desktops and recent
versions of tools like firefox, together with a 6.x firewall/proxy
host, may be a situation others run into over the next few weeks.
Perhaps it's worth posting a heads up to stable@ once 7.0 is released,
explaining that folks still using 6.x on a firewall/proxy will need to
replace ftp-proxy with ftp/pftpx, and then go back to ftp-proxy when
they upgrade the firewall/proxy host to 7.x.

I had seen the note in UPDATING, but that note does not mention the
breakage with firefox or what the solution is.

	-jr
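
An added example, not part of the original message: a sketch of a client-side check on an FTP 227 (PASV) reply of the kind the linked Mozilla advisory concerns. The rule it applies (connect to the control-connection peer and take only the port from the reply) and every name, address and reply string in it are assumptions constructed for illustration.

```python
import ipaddress
import re

# 227 reply carries six decimal fields h1,h2,h3,h4,p1,p2 (RFC 959).
_PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)

# Constructed sample data (documentation address ranges).
CONTROL_PEER = "198.51.100.7"   # address the client opened the control connection to
SERVER_REPLY = "227 Entering Passive Mode (198,51,100,7,195,80)"
REWRITTEN_REPLY = "227 Entering Passive Mode (192,0,2,1,217,3)"  # address swapped by a middlebox


def parse_pasv(reply):
    """Return (ip_string, port) from a 227 reply, or raise ValueError."""
    m = _PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a well-formed 227 reply")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range")
    port = fields[4] * 256 + fields[5]
    if port == 0:
        raise ValueError("port 0 is not connectable")
    return ".".join(str(f) for f in fields[:4]), port


def data_endpoint(reply, control_peer):
    """Choose the data-connection target under the assumed client rule.

    The address in the reply is never used; only the port is. Returns
    (ip, port, address_ignored), where address_ignored is True when the
    reply named a host other than the control-connection peer.
    """
    ip, port = parse_pasv(reply)
    ignored = ipaddress.ip_address(ip) != ipaddress.ip_address(control_peer)
    return control_peer, port, ignored


if __name__ == "__main__":
    for reply in (SERVER_REPLY, REWRITTEN_REPLY):
        print(reply, "->", data_endpoint(reply, CONTROL_PEER))
```

With the rewritten reply the client still connects to 198.51.100.7, so a middlebox listening on the address it advertised would not receive the data connection.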