Subject: kern/12066: ipnat: ftp proxy occasionally fails
To: None <>
From: Ingolf Steinbach <>
List: netbsd-bugs
Date: 01/28/2001 06:59:21
>Number:         12066
>Category:       kern
>Synopsis:       ipnat: ftp proxy occasionally fails
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 28 07:02:00 PST 2001
>Originator:     Ingolf Steinbach
>Release:        NetBSD-1.5
System: NetBSD isdn 1.5 NetBSD 1.5 (ISDN) #0: Thu Nov 23 15:59:27 MET 2000 ingolf@isdn:/usr/obj/sys/arch/i386/compile/ISDN i386
isdn4bsd 00.90.0

	From time to time, I get problems with active ftp through
	my nat box. The ipnat configuration contains:

	map isp0  ->  proxy port ftp ftp/tcp
	map isp0  ->  portmap tcp/udp 20000:30000
	map isp0  ->

	Sometimes (not always!), active ftp fails:
	maus% ftp -A
	Connected to
	220-You are user number 101 of 260 allowed.
	220-Local time is now 23:23 and the load is 0.80.
	220 You will be disconnected after 1800 seconds of inactivity.
	Name ( ftp
	230 Anonymous user logged in.
	Remote system type is UNIX.
	Using binary mode to transfer files.
	ftp> dir
	501 Syntax error.
	425 Will not open connection to (only to

	ipnat -l on the nat box shows
	List of active sessions:
	MAP     64709 <- ->   64709 [ 21]
        	proxy ftp/6 use 1 flags 0
                	proto 6 flags 0 bytes 1334 pkts 18 data 0xc0374a00 psiz 356
        	FTP Proxy:
                	passok: 1
                	rptr 0xc0374a14 wptr 0xc0374a14 seq 30d8a71c junk 0
                	buf [PORT 192,168,2,1,252,196\015\012\015\012\000]
                	rptr 0xc0374ac4 wptr 0xc0374ac4 seq a5d62a66 junk 0
                	buf [425 Will not open connection to (only to\015\012:23 and the load is 0.80.\015\012220 You will be disconnected after 1800 seconds of inactivity.\015\000]

	The above "ftp -A" was run on (NetBSD-1.5, m68k).
	The NAT box is internally (NetBSD-1.5, i386; plus
	isdn4bsd 00.90.0).

	The ISDN interfacs (isp0) is configured with IP address
	initially (see also ipnat.conf above) which is changed on
	dial-up to the address dynamically assigned by my ISP (in
	the above example:

	During the same "online session", all further attempts to use
	active ftp fail. After termination and re-initiating the ISDN
	connection, active ftp via the proxy usually works again.
	see above