Re: Understanding pf with FTP on IPv6
On Sat, 20 Nov 2010 08:37:53 -0500, "Ian D. Leroux"
On Sat, 20 Nov 2010 10:11 +0100, "Philip Dodd" <philip.dodd%free.fr@localhost>
On Mon, 25 Oct 2010 21:43:05 +0200, Philip Dodd
> Basically my pf.conf contains a "block in all" at the start and a
> bunch of rules that allow some stuff to connect on regular ports
> FTP client (outbound) from this host works fine over IPv4 but will
> fail over IPv6 unless I comment out this line.
I'm sure I'm missing something dumb, but I really can't figure
I use neither IPv6 nor pf, but if it's something dumb we're after
can ask some dumb questions:
Thanks for the questions - all ideas are most welcome. Just done a few
more tests to be sure.
- Is FTP running in passive mode or active mode?
It makes no difference, forcing Active or forcing passive (using -A and
-p respectively) gives the same behaviour.
- Is it running in the same mode in both IPv4 and IPv6?
Both modes work on IPv4, and as above, neither works on IPv6 :(
- Do any of the rules that allow inbound traffic happen to allow in
related traffic? If you remove them does FTP over IPv4 still work?
No, the only traffic that's let in is ssh, www, https, smtp, imaps and
traffic that matches state from an outbound, and that's both for IPv4
and IPv6. All traffic on IPv4 and IPv6 is passed out, keeping state
(though the behaviour looking at tcpdump and pfctl does suggest that
it's not keeping state correctly for IPv6 and that that is what is
causing the issue as the packets are dropped by the catch all rule at
the start, so I guess they don't match the state).
- What ports does FTP over IPv6 use?
Same as IPv4
Thanks, I'm needing it :)