netbsd-users: Re: IPF, IPNAT, and FTP data connections

Subject: Re: IPF, IPNAT, and FTP data connections
To: henry nelson <netb@irm.nara.kindai.ac.jp>
From: Steven M. Bellovin <smb@research.att.com>
List: netbsd-users
Date: 09/27/2001 22:40:54

In message <20010928101110.A16550@irm.nara.kindai.ac.jp>, henry nelson writes:
>On Thu, Sep 27, 2001 at 10:28:33AM -0400, NetBSD Mailing-List wrote:
>> ftp> dir
>> 200 PORT command successful.
>> 425 Can't build data connection: Connection refused.
>[...]
>> Any suggestions as to why this setup is failing?  ipfstat -ih shows no
>
>I've come to the conclusion that it is the server's setup that is causing
>this problem.  If you are connected with
>        "ftp.netbsd.org FTP server (NetBSD-ftpd 20010417) ready."
>or a like server (most netbsd repositories), it always fails in this manner.
>Most other ftp servers work fine for me.  All I can recommend is to find a
>mirror that is not using NetBSD's ftpd.
>
>To test my theory, try:
>        "isrv4.isc.org FTP server (Version wu-2.6.1(5)"
>This and all other "wu" servers work great from here.
>
>henry nelson
>
I missed the original post, but it sounds like the old clash between 
(some) Checkpoint firewalls and NetBSD's ftpd.  Is the client behind a 
Checkpoint firewall?

		--Steve Bellovin, http://www.research.att.com/~smb
				  http://www.wilyhacker.com