Subject: Re: kern/7368: ipnat not rewriting PORT command 100% of time
To: Greg A. Woods <>
From: Andrew Brown <>
List: netbsd-bugs
Date: 04/15/1999 02:58:56
>> would this be included in a sup (in the last day or so) of 1.4_alpha?
>> if so, i'll check again to see if it works more betterly.
>No, I don't think so.  I've not yet heard a release date even mentioned
>for IP-Filter 3.2.11, and even if it were this week I doubt it would be
>rolled into NetBSD-1.4 at this point (unless it fixed a very serious bug
>of some sort).  You'd have to re-integrate it yourself....

ah.  ok. i'll have to see if i can get that to work.

>> well...that's encouraging. doesn't panic.  only "fracture"
>> (not break) ftp.  ncftp works, as does passive.
>That sounds like a tough one to debug....

after i looked at the packets, it was easy to see the problem.

and after looking at ip_ftp_pxy.c line 144+8, it looks like i just
wanna remove that chunk (or something).  it'll probably fix my
problem.  and i think that ftp clients that don't send the crlf are
dumb (it *is* linux, after all), but clients that will actually "lose"
after a "fix" like this actually *deserve* to lose.  it means that
they're sending the bytes of the port command piece meal.

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."