Subject: kern/12066: ipnat: ftp proxy occasionally fails
To: None <gnats-bugs@gnats.netbsd.org>
From: Ingolf Steinbach <ingolf@jellonet.de>
List: netbsd-bugs
Date: 01/28/2001 06:59:21
>Number:         12066
>Category:       kern
>Synopsis:       ipnat: ftp proxy occasionally fails
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sun Jan 28 07:02:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Ingolf Steinbach
>Release:        NetBSD-1.5
>Organization:
	none
>Environment:
System: NetBSD isdn 1.5 NetBSD 1.5 (ISDN) #0: Thu Nov 23 15:59:27 MET 2000 ingolf@isdn:/usr/obj/sys/arch/i386/compile/ISDN i386
isdn4bsd 00.90.0

>Description:
	From time to time, I get problems with active ftp through
	my nat box. The ipnat configuration contains:

	map isp0 192.168.2.0/24  -> 0.0.0.0/32  proxy port ftp ftp/tcp
	map isp0 192.168.2.0/24  -> 0.0.0.0/32  portmap tcp/udp 20000:30000
	map isp0 192.168.2.0/24  -> 0.0.0.0/32

	Sometimes (not always!), active ftp fails:
	maus% ftp -A ftp.kde.org
	Connected to max.tat.physik.uni-tuebingen.de.
	220-You are user number 101 of 260 allowed.
	220-Local time is now 23:23 and the load is 0.80.
	220 You will be disconnected after 1800 seconds of inactivity.
	Name (ftp.kde.org:ingolf): ftp
	230 Anonymous user logged in.
	Remote system type is UNIX.
	Using binary mode to transfer files.
	ftp> dir
	501 Syntax error.
	425 Will not open connection to 192.168.2.1 (only to 217.17.194.73)
	ftp>

	ipnat -l on the nat box shows
	List of active sessions:
	MAP 192.168.2.1     64709 <- -> 217.17.194.73   64709 [134.2.170.93 21]
        	proxy ftp/6 use 1 flags 0
                	proto 6 flags 0 bytes 1334 pkts 18 data 0xc0374a00 psiz 356
        	FTP Proxy:
                	passok: 1
        	Client:
                	rptr 0xc0374a14 wptr 0xc0374a14 seq 30d8a71c junk 0
                	buf [PORT 192,168,2,1,252,196\015\012\015\012\000]
        	Server:
                	rptr 0xc0374ac4 wptr 0xc0374ac4 seq a5d62a66 junk 0
                	buf [425 Will not open connection to 192.168.2.1 (only to 217.17.194.73)\015\012:23 and the load is 0.80.\015\012220 You will be disconnected after 1800 seconds of inactivity.\015\000]

	The above "ftp -A" was run on 192.168.2.1 (NetBSD-1.5, m68k).
	The NAT box is 192.168.2.4 internally (NetBSD-1.5, i386; plus
	isdn4bsd 00.90.0).

	The ISDN interface (isp0) is configured with IP address 0.0.0.0
	initially (see also ipnat.conf above) which is changed on
	dial-up to the address dynamically assigned by my ISP (in
	the above example: 217.17.194.73).

	During the same "online session", all further attempts to use
	active ftp fail. After termination and re-initiating the ISDN
	connection, active ftp via the proxy usually works again.
>How-To-Repeat:
	see above
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted:
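
In the `ipnat -l` output above, the client buffer still holds `PORT 192,168,2,1,252,196` while the server accepts only 217.17.194.73. The following C example is added here for illustration and is neither part of the original report nor IPFilter's code: it decodes a PORT argument and produces the translated command an FTP-aware NAT would be expected to forward. The function names `parse_port` and `rewrite_port` are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Decoded PORT argument (RFC 959): h1,h2,h3,h4,p1,p2 */
struct port_arg { unsigned h[4]; unsigned port; };

/* Parse "PORT h1,h2,h3,h4,p1,p2\r\n".
 * Returns the command length including CRLF, or -1 if malformed. */
int parse_port(const char *line, struct port_arg *out)
{
    unsigned v[6];
    int n = 0, i;

    if (sscanf(line, "PORT %u,%u,%u,%u,%u,%u%n",
               &v[0], &v[1], &v[2], &v[3], &v[4], &v[5], &n) != 6)
        return -1;
    for (i = 0; i < 6; i++)
        if (v[i] > 255)
            return -1;
    if (strncmp(line + n, "\r\n", 2) != 0)   /* command must end in CRLF */
        return -1;
    memcpy(out->h, v, sizeof(out->h));
    out->port = v[4] * 256 + v[5];
    return n + 2;
}

/* Replace address `in` with `out` in a PORT command, writing to buf.
 * Returns 1 if rewritten, 0 if the command names another host, -1 on error.
 * *delta receives the length change; a NAT that edits the payload must
 * shift later TCP sequence/ack numbers on the control connection by it. */
int rewrite_port(const char *line, const unsigned in[4], const unsigned out[4],
                 char *buf, size_t len, int *delta)
{
    struct port_arg a;
    int old = parse_port(line, &a), n;

    if (old < 0)
        return -1;
    if (memcmp(a.h, in, sizeof(a.h)) != 0)
        return 0;
    n = snprintf(buf, len, "PORT %u,%u,%u,%u,%u,%u\r\n",
                 out[0], out[1], out[2], out[3], a.port >> 8, a.port & 0xff);
    if (n < 0 || (size_t)n >= len)
        return -1;
    *delta = n - old;
    return 1;
}
```

For the command in the report, this yields data port 64708 and `PORT 217,17,194,73,252,196`, two bytes longer than what the client sent.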