
List:       ipfilter
Subject:    Re: FTP problem - port command not translated
From:       Flemming Laugaard <flemming.laugaard () uni-c ! dk>
Date:       2003-08-14 18:53:40

> --On Thursday, August 14, 2003 14:49:07 +0200 Flemming Laugaard 
> <flemming.laugaard@uni-c.dk> wrote:
> 
> >map ste0 xxx.xxx.xxx.xxx/16 -> yyy.yyy.yyy.yyy/32 proxy port ftp ftp/tcp
> >
> >This is the first line of the ipnat.conf, and it's followed by more
> >ftp proxy rules bimaps and rdr's. Everything works just fine, except FTP.
> 
> ipnat is best match, then first match. Your /16 rule is very broad, so 
> other rules may take precedence.

OK, I had the impression that it always takes first match. At the "test"
moment there wasn't more than this rule for the xxx net. The symptoms
were the same whether there is one rule or many.

The FTP port command doesn't get translated. It looks like the proxy
is just ignored. Really annoying.

I had a good look at the firewall today, and noticed that
/usr/src/contrib/ipfilter
and
/usr/src/sys/contrib/ipfilter/netinet
were out of sync, especially ip_ftp_pxy.c. The firewall is now building
kernel and world to see if it changes anything.

-- 
Kind regards
Flemming Laugaard
------------------------------------
We don't want to go back to tomorrow, we want to go forward.
	-- Vice President Dan Quayle