On Fri, 29 Oct 2004 04:10:05 +0000 (UTC), Geoff Wing
<mason@primenet.com.au> wrote:
> Sean Davis <dive@endersgame.net> typed:
> : Okay. Lets assume for a moment that the bug *is not* in the FTP proxy code
> : at all. Why, then, does commenting out the ftp proxy line in my ipnat.conf
> : enable passive FTP to work just fine through the NAT?
> 
> How far back do you have to go to get working sources?  I had a problem late
> August (or early Sep) which broke IPSEC proxy (my pr #27084) but no IPF files
> were touched at that time, just other IP code.  Maybe you've been hit by the
> same change.

I haven't tried backtracking since the machine in question kinda needs
to be up for my LAN to have internet access, but it's never worked
right on that box. I don't have the exact date of the sources that
machine's install was built with when I first switched to it as the
NAT box, but it was somewhere around 20040829; according to my cvs
logs, that is when I pulled ipfilter out of the kernel on the old NAT
box. It has always run -current (due to the fact that when I got the
machine, netbsd-2-0 hit the sleep sleeps forever bug on it rather
reliably when doing just about anything), so it's safe to say that
it's been broken at least since -current as of 20040829.

Right now it's running 2.99.9 built on or around october third. I can
post ident output from the kernel if you're interested.

-- 
Sean