Subject: Re: ipnat ftp proxy: any news?
To: Douglas Brebner <email@example.com>
From: Steven M. Bellovin <firstname.lastname@example.org>
Date: 09/05/2004 07:53:27
In message <email@example.com>, Douglas Brebner w
>On Thu, 2 Sep 2004 20:37:48 -0400
>Sean Davis <firstname.lastname@example.org> wrote:
>> On Thu, Sep 02, 2004 at 05:50:01AM +0000, Matthias Scheler wrote:
>> > In article <20040901220547.GB28724@endersgame.net>,
>> > Sean Davis <email@example.com> writes:
>> > > If you have a more likely suggestion as to where the problem is,
>> > > I'm all ears.
>> > It sounds more like:
>> > *26581: IPF blocks legitimate packets due to incorrect TCP window
>> > check
>> That could be it, but if so, I'm wondering why I never saw it happen
>> on the i386 machine, as I do plenty of ftp downloads through NAT..
>> (pkgsrc on multiple machines, etc)
>FWIW, I've seen it happen on i386 machines, usually when the ftp server
>sends multiple lines in a response.
The classic version of that involved Checkpoint firewalls. This sounds
--Steve Bellovin, http://www.research.att.com/~smb