tech-net: Re: ipnat ftp proxy fix yet? (ever?)

Subject: Re: ipnat ftp proxy fix yet? (ever?)
To: Manuel Bouyer <bouyer@antioche.eu.org>
From: Sean Davis <dive@endersgame.net>
List: tech-net
Date: 10/28/2004 17:15:51

--hQiwHBbRI9kgIhsi
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Thu, Oct 28, 2004 at 10:22:21PM +0200, Manuel Bouyer wrote:
> On Thu, Oct 28, 2004 at 04:12:35PM -0400, Sean Davis wrote:
> > Okay. Lets assume for a moment that the bug *is not* in the FTP proxy c=
ode
> > at all. Why, then, does commenting out the ftp proxy line in my ipnat.c=
onf
> > enable passive FTP to work just fine through the NAT? To me that seems a
> > clear indication that it's related... perhaps some code is hit by outgo=
ing
> > ftp connections when the ftp proxy is active that isn't hit when it isn=
't
> > active? I see your point that it may not be related to the ftp proxy, b=
ut it
> > still seems the most likely suspect to me, especially in light of the
> > difference made by disabling it.
>=20
> We know that something which should be done by ipnat (the address transla=
tion)
> is not done propely when a packet goes though the ftp proxy first.
> It doens't imply that the problem is in the proxy, it could be that the
> changes made to the mbuf in the proxy makes a latent bug in ipnat show up.

Okay. I'll concede that that is a distinct possibility.

> You seem to assume that the ftp proxy and ipnat are 2 separate things.

No. I am assuming that the ftp proxy is a feature of ipnat.

> They are not, the ftp proxy does some additionnal processing on the
> mbufs, but works closely with ipnat.

I am aware of that.

In any case, I give up. I'll come back when I can point out the exact line
of code that is causing the problem. This argument has ceased to be worth
having (if it ever was.)

-Sean

--=20
/~\ The ASCII
\ / Ribbon Campaign                   Sean Davis
 X  Against HTML                       aka dive
/ \ Email!

--hQiwHBbRI9kgIhsi
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (NetBSD)

iD8DBQFBgWGHncZv+931Zb8RAg4IAKCvDfDrv0imaM9VUcRzFegXKS6YFgCfZgw0
mkmC4AbZpofzopemUEwkQLs=
=dNdT
-----END PGP SIGNATURE-----

--hQiwHBbRI9kgIhsi--