Subject: Re: pf and ftp-proxy
To: None <netbsd-users@netbsd.org>
From: Patrick Welche <prlw1@newn.cam.ac.uk>
List: netbsd-users
Date: 07/15/2005 16:39:15
On Fri, Jul 15, 2005 at 12:04:23AM +0100, Patrick Welche wrote:
> > Unfortunately I already have, that is why the ftp-proxy wrote the
> > debug message. The fun since then is that of course the NetBSD ftp
> > client seems to work no matter what (with or without -A), so I use
> > the microsoft client, whose connection gets blocked by the antivirus
> > software(!) and the xp firewall. After all that I have a working setup
> > on the magic laptop, with a windows 95 client, but not on the desktop.
> > This is the same desktop for which ipf didn't work, and the same laptop
> > for which ipf did work. (What does Feature mask: 0x10a in ipf -V mean?)
> > (http://mail-index.netbsd.org/current-users/2005/07/07/0010.html
> >  http://mail-index.netbsd.org/current-users/2005/07/08/0007.html)
> 
> The only difference I can spot are
> 
>                      working   broken
> ethernet cards       rtk/xi    bge/ex
> 
> With ipf, "bad NAT", with pf, broken active ftp. In both cases a packet
> is blocked going out of the internal interface..

This bit was irrelevant, 0x100 = ipv6. Removed ipv6 from working rtk/xi
setup, and it still worked..
> ipf feature mask     0x10a     0xa

Yet another bge problem?

Patrick