'ip-filter-3.3.16 ftp-proxy & efs (xemacs)'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ipfilter
Subject:    ip-filter-3.3.16 ftp-proxy & efs (xemacs)
From:       Ronald Florence <ron () 18james ! com>
Date:       2000-06-26 2:19:16
[Download RAW message or body]

Is there an incompatability between the ftp-proxy in ip-filter-3.3.16
and the efs package (v1.16) in late version of xemacs?

I use the efs package extensively locally, and used to use it to work
on files on remote machines.  Since updating to ip-filter-3.3.16,
efs-1.16 with xemacs-21.1.7 no longer seems to work through the
ftp-proxy.  Other ftp clients work fine with the ip-filter ftp-proxy,
but when I try efs in xemacs from one of our Sun workstations, the
connection never gets established, and I see ftp-data connections
attempts getting blocked in the ipmon logs:

Jun 25 21:14:54 rosie ipmon[28474]: 21:14:54.351347  le1 @1:8 b \
                members.home.net,ftp-data -> firewall,38586 PR tcp len 20 44 -S IN
Jun 25 21:56:38 rosie ipmon[28474]: 21:56:38.655010  le1 @1:8 b \
                zephyr.ns.purchase.edu,ftp-data -> firewall,38748 PR tcp len 20 44 -S \
                IN
Jun 25 21:57:29 rosie ipmon[28474]: 21:57:29.071654  le1 @1:8 b \
oak.conncoll.edu,ftp-data -> firewall,38774 PR tcp len 20 48 -S IN

FWIW, this is on Sparc-Solaris-2.6.   Ipf.conf includes a 

  pass out quick proto tcp from any port != netbios-ssn to any keep state keep frags \
group 2

rule to allow tcp connections from inside, and ipnat.conf includes ftp
proxy rules for both the firewall machine and the clients:

  map le1 192.101.32.0/24 -> firewall/32 proxy port ftp ftp/tcp
  map le1 firewall/32 -> firewall/32 proxy port ftp ftp/tcp

Ange-ftp with emacs works fine from a NAT-client PC on the network to
remote machines.  Command line ftp clients work fine from the Sun
boxes.  Efs works fine from Sun boxes to other machines on the
network.  Only efs-1.16 from the Sun boxes to remote machines fails.

Earlier version of efs and earlier versions of ip-filter worked fine.

I'm stumped.

-- 

Ronald Florence			http://members.home.net/18james


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic