Date: Wed, 7 May 2008 23:48:47 +0300
From: "Valentin Bud" <valentin.bud@gmail.com>
To: freebsd-pf <freebsd-pf@freebsd.org>
Subject: proftpd and pf weirdness
Message-ID: <139b44430805071348x4b20f4b0oe281eaf61380f046@mail.gmail.com>
Hello to you all,

Last week I've begun to have a problem with a HUAWEI E220 HSDPA modem when connecting to a proftpd server. First thing I want to mention is that what I'll describe here only happens when I connect from that modem.

First of all, the topology of the servers:

    ISP----[bridged modem]-----[FreeBSD mpd4+pf]----[FreeBSD proftpd]

The pf rules that redirect traffic to proftpd:

    rdr pass on $EXT_IF proto tcp from any to $EXT_IF port 21 -> <DMZ_HOST> port 21
    rdr pass on $EXT_IF proto tcp from any to $EXT_IF port 59000:59100 -> <DMZ_HOST> port 59000:59100

DMZ_HOST (192.168.1.2) being the FreeBSD 6.2-RELEASEp6 box that runs ProFTPD Version 1.3.1. No firewall is running on DMZ_HOST.

Here is the relevant output that the server gives when the ftp session is closed:

    12.34.56.78 (213.233.102.254[213.233.102.254]) - Entering Passive Mode (192,168,1,2,230,167).
    12.34.56.78 (213.233.102.254[213.233.102.254]) - dispatching POST_CMD command 'PASV' to mod_sql
    12.34.56.78 (213.233.102.254[213.233.102.254]) - dispatching LOG_CMD command 'PASV' to mod_sql
    12.34.56.78 (213.233.102.254[213.233.102.254]) - dispatching LOG_CMD command 'PASV' to mod_log
    12.34.56.78 (213.233.102.254[213.233.102.254]) - FTP session closed.

tcpdump output from the [mpd4+pf] box:

    14:04:58.299572 AF IPv4 (2), length 94: 12.34.56.78.21 > 213.233.102.254.40437: P 261:311(50) ack 92 win 65535
            0x0000:  4500 005a be9c 4000 3f06 0f55 597a d74a  E..Z..@.?..UYz.J
            0x0010:  d5e9 66fe 0015 9df5 2ded 1879 01dc 346b  ..f.....-..y..4k
            0x0020:  5018 ffff aea7 0000 3232 3720 456e 7465  P.......227.Ente
            0x0030:  7269 6e67 2050 6173 7369 7665 204d 6f64  ring.Passive.Mod
            0x0040:  6520 2831 3932 2c31 3638 2c31 2c32 2c32  e.(192,168,1,2,2
            0x0050:  3330 2c31 3637 292e 0d0a                 30,167)...
    14:04:58.348823 AF IPv4 (2), length 94: 213.233.102.254.40437 > 12.34.56.78.21: R 92:142(50) ack 261 win 65535
            0x0000:  4500 005a be9c 4000 2806 2655 d5e9 66fe  E..Z..@.(.&U..f.
            0x0010:  597a d74a 9df5 0015 01dc 346b 2ded 1879  Yz.J......4k-..y
            0x0020:  5014 ffff aeab 0000 3232 3720 456e 7465  P.......227.Ente
            0x0030:  7269 6e67 2050 6173 7369 7665 204d 6f64  ring.Passive.Mod
            0x0040:  6520 2831 3932 2c31 3638 2c31 2c32 2c32  e.(192,168,1,2,2
            0x0050:  3330 2c31 3637 292e 0d0a                 30,167)...

The last snippet from tcpdump shows (as far as I know) that the Huawei modem sends an R and that the server (before that reset) sends the PASV port answer. If I am not right please correct me.

The ppp connection made from the modem receives an IP from the 172.16/12 private class which gets NATed to the 213.* IP from the logs. If it matters, the modem is from Vodafone. I will attach the proftpd config file.

I think that Vodafone does some check on packets and it doesn't like that the connection to the ftp server passes through the [mpd4+pf] box. Configuring proftpd on the [mpd4+pf] box works like a charm. This is a viable solution but I want to find out what happens.

Any hints to dig further are more than welcome. Thank you.

PS: the 12.34.56.78 IP is bogus to protect my server's identity; everything else is copy-pasted from server output.

-- 
Kind Regards,
Valentin Bud
www.syk.ro
www.spreadbsd.org/aff/86/1
www.spreadbsd.org/aff/86/2
valentin [dot] bud [at] gmail [dot] com
valentin [dot] bud [at] dep [dot] upt [dot] ro
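An added example, not part of the message above: a small checker that decodes a 227 "Entering Passive Mode" reply the way the client does and reports what an external client would see. The reply, the 59000:59100 rdr range and the (bogus) control-connection address are taken from the post; the three checks (private address, address differing from the control peer, port outside the rdr range) are assumptions about what is worth flagging, not a diagnosis.

```python
import ipaddress
import re

# Matches the six comma-separated fields of a 227 reply: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

# Constructed from the proftpd log line quoted in the post.
SAMPLE_REPLY = "227 Entering Passive Mode (192,168,1,2,230,167)."


def parse_pasv(reply):
    """Return (ip, port) advertised by a 227 PASV reply; port = p1*256 + p2."""
    m = PASV_RE.search(reply)
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % reply)
    h1, h2, h3, h4, p1, p2 = (int(x) for x in m.groups())
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def check_pasv(reply, control_server_ip, rdr_lo, rdr_hi):
    """Decode the reply and list things an external client may trip over.

    control_server_ip is the address the client opened the control
    connection to; rdr_lo..rdr_hi is the port range pf redirects.
    """
    ip, port = parse_pasv(reply)
    findings = []
    if ipaddress.ip_address(ip).is_private:
        findings.append("advertised address %s is private (RFC 1918)" % ip)
    if ip != control_server_ip:
        findings.append("advertised address %s differs from control peer %s"
                        % (ip, control_server_ip))
    if not rdr_lo <= port <= rdr_hi:
        findings.append("data port %d is outside rdr range %d:%d"
                        % (port, rdr_lo, rdr_hi))
    return ip, port, findings


if __name__ == "__main__":
    # 12.34.56.78 is the placeholder server address used in the post.
    ip, port, findings = check_pasv(SAMPLE_REPLY, "12.34.56.78", 59000, 59100)
    print("advertised %s:%d" % (ip, port))
    for f in findings:
        print("  -", f)
```

Run against the quoted reply it decodes the data port as 59047 (inside the rdr range) and reports the advertised address as both private and different from the address the client connected to.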