Subject: bin/21334: ipfs(8) and ipnat ftp proxy
To: None <gnats-bugs@gnats.netbsd.org>
From: None <mishka@terabyte.com.ua>
List: netbsd-bugs
Date: 04/27/2003 03:03:06
>Number:         21334
>Category:       bin
>Synopsis:       NAT halts on ipfs(8) restore in case of ftp proxy used
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Apr 27 00:04:00 UTC 2003
>Closed-Date:
>Last-Modified:
>Originator:     Mike M. Volokhov
>Release:        NetBSD 1.6.1_STABLE
>Organization:
Terabyte ACS
>Environment:
	
	
System: NetBSD tough.terabyte.com.ua 1.6.1_STABLE NetBSD 1.6.1_STABLE (TOUGH-$Revision: 1.3 $) #0: Thu Apr 24 15:21:05 EEST 2003 mishka@tough.terabyte.com.ua:/usr/src/sys/arch/i386/compile/TOUGH i386
Architecture: i386
Machine: i386
IPFilter:  compiled at the same time as the kernel (see "System" above) using the build.sh script
>Description:

	Greetings!

	When the ipnat ftp proxy is enabled, the states saved by ipfs(8)
	can't be successfully restored if ftp sessions were open at
	the time of the save. Moreover, it leads to an ipfs(8) core
	dump and the ipnat rules remain in the locked state. Thus, none
	of the nat diversions work afterwards.

	A message similar to the following may be shown from the "ipfs -R":

	    incomplete read: 264 != 644

	and then ipfs fails with a core dump.

	The problem is also present on NetBSD 1.6 stable (from Nov 2002).

>How-To-Repeat:

	Let's assume "x.x.x.0" is an internal LAN, "y.y.y.y" is
	the external ip of the nat box, and "z.z.z.z" is an ftp server.

	1) Enable ipnat including ftp proxy:

		y.y.y.y> ipnat -l
		map ed0 x.x.x.0/24 -> y.y.y.y/32 proxy port ftp ftp/tcp
		map ed0 x.x.x.0/24 -> y.y.y.y/32 portmap 40000:65000
		map ed0 x.x.x.0/24 -> y.y.y.y/32

	2) Open an ftp session to an external server via nat:

		x.x.x.1> ftp z.z.z.z
		Connected to z.z.z.z.
		220 z.z.z.z FTP server ready.
		Name:
		<and that's enough>

	3) On the nat box, try to save and then restore the nat states:

		y.y.y.y> /etc/rc.d/ipfs restart

>Fix:
	
	I'll be happy to assist if needed.

	BR, Mishka.
>Release-Note:
>Audit-Trail:
>Unformatted: