Subject: Re: ftp.netbsd.org requires dash?
To: Quentin Garnier <firstname.lastname@example.org>
From: Courtney R. Spencer <email@example.com>
Date: 08/22/2005 15:36:13
Content-Type: text/plain; charset=us-ascii
On Mon Aug 22, 2005 at 09:19:30PM +0200, Quentin Garnier wrote:
> It's not about the password, you have firewall issues.
> I've seen that issue happen to a fellow developer slightly less than
> two years ago. The packet you're expecting at this point is as large
> as it can be, and apparently some stateful packet filters (that
> understand FTP) are confused by that packet.
> In that story, it appeared that some version of the Checkpoint firewall
> actually expected TCP packets to be aligned with end of lines, which was
> not the case with the motd of the time, for two bytes. That is, making
> the motd file two bytes larger (I suggested increasing the length of the
> fork at the time) made the connection get through.
> I don't remember if admins@ did something about it at the time, and I
> guess the motd has changed by now, but I really think you're experiencing
> a similar issue.
> It might also be related to PPPoE and badly negociated MSS.
> By the way, the 421 message you get comes from the FTP client, not the
Yes, you are quite right that this must be a firewall issue at this
location. I telnetted from other hosts that were not behind a firewall
to ftp.netbsd.org and noticed another ( or continuing ) packet sent=20
after "230" from the netbsd server on those systems.
On the system that is having problems, I only see my ack being sent
after "230". When using "-", I'm able to work around because the
full message is not being sent and thus makes the firewall happy
about the connection.
Thanks for the info.
Courtney R. Spencer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (NetBSD)
-----END PGP SIGNATURE-----