On Sat, 20 Nov 2010 10:11 +0100, "Philip Dodd" <philip.dodd%free.fr@localhost> wrote:

On Mon, 25 Oct 2010 21:43:05 +0200, Philip Dodd <philip.dodd%free.fr@localhost> wrote:
> Basically my pf.conf contains a "block in all" at the start and a
> bunch of rules that allow some stuff to connect on regular ports
> inbound.
>
> FTP client (outbound) from this host works fine over IPv4 but will
> fail over IPv6 unless I comment out this line.

I'm sure I'm missing something dumb, but I really can't figure out what.

I use neither IPv6 nor pf, but if it's something dumb we're after then I can ask some dumb questions:

Hi,

Thanks for the questions - all ideas are most welcome. Just done a few more tests to be sure

- Is FTP running in passive mode or active mode?
It makes no difference, forcing Active or forcing passive (using -A and -p respectively) gives the same behaviour
- Is it running in the same mode in both IPv4 and IPv6?
Both modes work on IPv4, and as above, neither works on IPv6 :(
- Do any of the rules that allow inbound traffic happen to allow in FTP-related traffic? If you remove them does FTP over IPv4 still work?
No, the only traffic that's let in is ssh, www, https, smtp, imaps and traffic that matches state from an outbound, and that's both for IPv4 and IPv6. All traffic on IPv4 and IPv6 is passed out, keeping state (though the behaviour looking at tcpdump and pfctl does suggest that it's not keeping state correctly for IPv6 and that that is what is causing the issue as the packets are dropped by the catch all rule at the start, so I guess they don't match the state)
- What ports does FTP over IPv6 use?
Same as IPv4
Good Luck!
Thanks, I'm needing it :)

Phil