On Thu, 15 Apr 1999, Andrew Brown wrote:

> after i looked at the packets, it was easy to see the problem.
> 
> and after looking at ip_ftp_pxy.c line 144+8, it looks like i just
> wanna remove that chunk (or something).  it'll probably fix my
> problem.  and i think that ftp clients that don't send the crlf are
> dumb (it *is* linux, after all), but clients that will actually "lose"
> after a "fix" like this actually *deserve* to lose.  it means that
> they're sending the bytes of the port command piece meal.

I have the same problem (PORTs not being rewritten) with a FreeBSD
2.2.7 ftp client. It IS sending the PORT commands all in one go,
but they are still not rewritten. I even tried the posted patch.

Here is a single packet, picked up with tcpdump, on the "outside"
network:

17:09:09.086327 ijmeer.ubc.kun.nl.1039 > polder.ubc.kun.nl.ftp: P 623641000:623641029(29) ack 1561472507 win 17376 <nop,nop,timestamp 6806 1769175> (DF) [tos 0x10]
                         4510 0051 0a6d 4000 3f06 ff81 83ae 152c
                         83ae 1520 040f 0015 252c 01a8 5d12 2dfb
                         8018 43e0 549f 0000 0101 080a 0000 1a96
                         001a fed7 504f 5254 2031 3331 2c31 3734
                                   P O  R T    1  3  1 , 1  7 4
                         2c32 3338 2c31 3030 2c31 3536 2c37 300d
	                 , 2  3 8  , 1  0  0 , 1  5 6  , 7  0

(with manual ascii dump)
 
ijmeer (131.174.21.44) is the NAT (NetBSD 1.3.3),
polder (131.174.21.32) is the ftp server (NetBSD 1.2.1)
131.174.238.100 is the fake address of the FreeBSD 2.2.7 ftp client.

So what gives? This is rather distressing, I am supposed to have this
firewall working this week...

-Olaf.
--
___ Olaf 'Rhialto' Seibert - rhialto@polder.ubc. ---- Unauthorized duplication,
\X/ .kun.nl ---- while sometimes necessary, is never as good as the real thing.