Subject: Re: ipnat ftp proxy fix yet? (ever?)
To: None <,>
From: Manuel Bouyer <>
List: tech-net
Date: 10/28/2004 22:22:21
On Thu, Oct 28, 2004 at 04:12:35PM -0400, Sean Davis wrote:
> Okay. Lets assume for a moment that the bug *is not* in the FTP proxy code
> at all. Why, then, does commenting out the ftp proxy line in my ipnat.conf
> enable passive FTP to work just fine through the NAT? To me that seems a
> clear indication that it's related... perhaps some code is hit by outgoing
> ftp connections when the ftp proxy is active that isn't hit when it isn't
> active? I see your point that it may not be related to the ftp proxy, but it
> still seems the most likely suspect to me, especially in light of the
> difference made by disabling it.

We know that something which should be done by ipnat (the address translation)
is not done propely when a packet goes though the ftp proxy first.
It doens't imply that the problem is in the proxy, it could be that the
changes made to the mbuf in the proxy makes a latent bug in ipnat show up.

You seem to assume that the ftp proxy and ipnat are 2 separate things.
They are not, the ftp proxy does some additionnal processing on the
mbufs, but works closely with ipnat.

Manuel Bouyer <>
     NetBSD: 26 ans d'experience feront toujours la difference