On Thu, Dec 06, 2001 at 06:41:58AM -0600, Richard Rauch wrote:
> >From watching tcpdump on both machines (hermes running ftp, and prometheus
> running ipnat/ipf), it appears that the ftp server is trying to send some
> kind of further message, but it never makes it to the client.
> 
> E.g.:
> 
> 06:14:11.832050 ftp.netbsd.org.ftp >
>  adsl-65-66-216-178.dsl.hstntx.swbell.net.65302: . ack 38 win 33580
>  <nop,nop,timestamp 2012901 29433> [tos 0x10]
> 06:14:15.207638 ftp.netbsd.org.ftp >
>  adsl-65-66-216-178.dsl.hstntx.swbell.net.65302: . 117:1077(960) ack 38
>  win  33580 <nop,nop,timestamp 2012907 29433> (frag 35209:992@0+) [tos
>  0x10]
> 06:14:15.210749 ftp.netbsd.org > adsl-65-66-216-178.dsl.hstntx.swbell.net:
>  (frag 35209:488@992) [tos 0x10]
> 
> 
> ...is it significant that the incoming message is (as I understand it)
> being put on port 65302?  ipnat is only mapping 40000:60000 to hermes.
> Those 65302 messages don't seem to make it to the ftp client.

It's not a problem with the port number. however it could be a problen with
fragments. Are you sure you don't block fragments in IPF ?

--
Manuel Bouyer, LIP6, Universite Paris VI.           Manuel.Bouyer@lip6.fr
--