?
To: Quentin Garnier <cube@cubidou.net>
From: Courtney R. Spencer <cspencer@mindspring.com>
List: netbsd-users
Date: 08/22/2005 15:36:13
--O5XBE6gyVG5Rl6Rj
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Mon Aug 22, 2005 at 09:19:30PM +0200, Quentin Garnier wrote:
> It's not about the password, you have firewall issues.
>=20
> I've seen that issue happen to a fellow developer slightly less than
> two years ago. The packet you're expecting at this point is as large
> as it can be, and apparently some stateful packet filters (that
> understand FTP) are confused by that packet.
>=20
> In that story, it appeared that some version of the Checkpoint firewall
> actually expected TCP packets to be aligned with end of lines, which was
> not the case with the motd of the time, for two bytes. That is, making
> the motd file two bytes larger (I suggested increasing the length of the
> fork at the time) made the connection get through.
>=20
> I don't remember if admins@ did something about it at the time, and I
> guess the motd has changed by now, but I really think you're experiencing
> a similar issue.
>=20
> It might also be related to PPPoE and badly negociated MSS.
>=20
> By the way, the 421 message you get comes from the FTP client, not the
> server.
>=20
Yes, you are quite right that this must be a firewall issue at this
location. I telnetted from other hosts that were not behind a firewall
to ftp.netbsd.org and noticed another ( or continuing ) packet sent=20
after "230" from the netbsd server on those systems.
On the system that is having problems, I only see my ack being sent
after "230". When using "-", I'm able to work around because the
full message is not being sent and thus makes the firewall happy
about the connection.
Thanks for the info.
--=20
Courtney R. Spencer
--O5XBE6gyVG5Rl6Rj
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)
iD8DBQFDCikt6gnG8GGUAYIRAr65AJ9qa+QpR9GRpLY9rGXHYC0jKkztzgCfVxk6
CUboG3nD0/+w5DnCI+Ysbcw=
=ioNo
-----END PGP SIGNATURE-----
--O5XBE6gyVG5Rl6Rj--