Date: Sat, 14 Nov 1998 12:00:57 -0500 (EST)
From: greig@ediacara.org
To: FreeBSD-gnats-submit@FreeBSD.ORG
Subject: bin/8685: SYST problem in /usr/bin/ftp?
Message-ID: <199811141700.MAA20735@darwin.ediacara.org>
>Number: 8685
>Category: bin
>Synopsis: sending a SYST by ftp client closes connection thru Checkpoint
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Nov 14 09:20:00 PST 1998
>Last-Modified:
>Originator: David Iain Greig
>Organization:
NMR Core Facility, Dept. of Biochemistry, University of Ediacara
>Release: FreeBSD 2.2.7-STABLE i386
>Environment:
FreeBSD 2.2.7-STABLE ftp client through Checkpoint firewall
>Description:
When FreeBSD ftp client issues a SYST command to a remote
server through a Checkpoint-1 firewall, the data connection
closes, terminating the ftp session.
>How-To-Repeat:
Normal ftp.
>Fix:
Remove SYST command from /usr/src/usr.bin/ftp/util.c
diff util.c util.c.orig
146c146
< if (command("NOOP") == COMPLETE && overbose) {
---
> if (command("SYST") == COMPLETE && overbose) {
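Review bot: the diff was produced as "diff util.c util.c.orig", so the "<" line is the proposed code and the ">" line is the original; please regenerate it from original to modified, ideally as a unified diff, so it reads and applies in the expected direction. On the change itself, whatever follows the line-146 condition still treats the reply as a system type: the patched session in this report prints "Remote system type is NOOP." and no longer prints "Using binary mode to transfer files.", so if SYST has to be skipped, the code that interprets its reply should be skipped with it rather than fed a NOOP reply.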
------------------
We cut over today to a new corporate firewall, and I was using
my deskside FreeBSD server to check that we could connect thru the
firewall to external servers. All of them checked out 100%
except ftp.....
-------------------------------------
From a Sun running Solaris 2.5.1:
> ftp darwin.ediacara.org
Connected to darwin.ediacara.org.
220 darwin.ediacara.org FTP server (Version 6.00) ready.
ftp> debug 3
Debugging on (debug=3).
ftp> user
(username) greig
---> USER greig
331 Password required for greig.
Password:
---> PASS (censored)
230 User greig logged in.
ftp> ls
---> PORT 142,146,236,140,135,1
200 PORT command successful.
---> NLST
150 Opening ASCII mode data connection for 'file list'.
Muttrc
.mailrc
.profile
.rhosts
(etc)
So the Solaris FTP works.
-----------------------------------
From AIX 4.3.1:
> ftp
ftp> debug 99
Debugging on (debug=99).
ftp> open darwin.ediacara.org
Connected to darwin.ediacara.org.
220 darwin.ediacara.org FTP server (Version 6.00) ready.
Name (darwin.ediacara.org:dgreig): greig
---> USER greig
331 Password required for greig.
Password:
---> PASS (censored)
230 User greig logged in.
ftp> ls
---> PORT 142,146,236,80,158,243
200 PORT command successful.
---> NLST
150 Opening ASCII mode data connection for 'file list'.
Muttrc
.mailrc
.profile
(etc)
So AIX works.
---------------------------------------------------------
From my FreeBSD server:
uname -a:
FreeBSD teva.rogers.com 2.2.7-STABLE FreeBSD 2.2.7-STABLE #0: Tue Oct 6 07:48:54 EDT 1998 root@teva.rogers.com:/usr/src/sys/compile/TEVA i386
> ftp
ftp> debug 99
Debugging on (debug=99).
ftp> open darwin
Connected to darwin.
220 darwin.ediacara.org FTP server (Version 6.00) ready.
Name (darwin:dgreig): greig
---> USER greig
331 Password required for greig.
Password:
---> PASS XXXX
230 User greig logged in.
---> SYST
215 UNIX Type: L8 Version: BSD-199506
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
---> PORT 142,146,62,242,156,114
421 Service not available, remote server has closed connection.
ftp>
So FreeBSD doesn't work thru Checkpoint where AIX and Solaris do?
We look further into this:
Setting ftpd to send debug messages to syslog, and running syslogd -d
on the ftpd server, I log again into the AIX server.
> ftp darwin.ediacara.org
Connected to darwin.ediacara.org.
220 darwin.ediacara.org FTP server (Version 6.00) ready.
Name (darwin.ediacara.org:dgreig): greig
331 Password required for greig.
Password:
230 User greig logged in.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for 'file list'.
Muttrc
.mailrc
(etc)
namedb.tar
226 Transfer complete.
ftp> quote NOOP
200 NOOP command successful.
ftp> quote SYST
215 UNIX Type: L8 Version: BSD-199506
ftp> ls
421 Service not available, remote server has closed connection
ftp>
On the syslog scroll.. at the end I see:
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:14 ftpd[19825]: command: NOOP
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:14 ftpd[19825]: <--- 200
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:14 ftpd[19825]: NOOP command successful.
readfds = 0x38
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:20 ftpd[19825]: command: SYST
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:20 ftpd[19825]: <--- 215
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:20 ftpd[19825]: UNIX Type: L8 Version: BSD-199506
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:20 ftpd[19825]: lost connection
readfds = 0x38
So it seems doing a SYST makes the firewall drop the connection??????
So I modify util.c:
diff util.c util.c.orig
146c146
< if (command("NOOP") == COMPLETE && overbose) {
---
> if (command("SYST") == COMPLETE && overbose) {
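Review bot: replacing SYST at line 146 only stops this client from sending the command at login, it does not remove the trigger. The sessions in this report show the connection is also lost after "quote SYST" from the AIX client and from the patched FreeBSD client, which points at the path between client and server rather than at util.c. If a client-side workaround is wanted, make it an opt-out that leaves SYST as the default, and follow up on how the firewall handles the SYST exchange separately.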
To punt the SYST...
Then compile and run it from the FreeBSD ftp client:
> ftp
ftp> debug 99
Debugging on (debug=99).
ftp> open darwin
Connected to darwin.
220 darwin.ediacara.org FTP server (Version 6.00) ready.
Name (darwin:dgreig): greig
---> USER greig
331 Password required for greig.
Password:
---> PASS XXXX
230 User greig logged in.
---> NOOP
200 NOOP command successful.
Remote system type is NOOP.
ftp> ls
---> PORT 142,146,62,242,156,120
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for '/bin/ls'.
total 250240
drwxr-xr-x 2 greig wheel 1024 Oct 28 1997 ...
-rw------- 1 greig wheel 230 May 19 22:03 .Xauthority
-rw-r--r-- 1 greig wheel 384 Nov 10 1997 .alias
(etc)
-rw-r--r-- 1 greig wheel 10240 Oct 27 1997 www.tar
-rw-r--r-- 1 greig wheel 53 Oct 27 1997 www.tar.gz
226 Transfer complete.
ftp>
ftp> quote SYST
---> SYST
421 Service not available, remote server has closed connection.
ftp>
Um.... help?
--D.
--
david iain greig greig@ediacara.org
sp4 kox
http://www.ediacara.org/~greig arbor plena alouattarum
>Audit-Trail:
>Unformatted:
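Added example, not part of the original report or of the FreeBSD source: a probe that repeats the report's manual test (send one command, then check whether the control connection still answers) for each candidate command in a fresh session. The function and class names are made up for illustration, and ConstructedDroppingPath is a constructed stand-in that mimics the behaviour in the transcripts above; against a real server, pass a function that returns a logged-in ftplib.FTP.

```python
import ftplib


def commands_that_kill_session(open_session, candidates, canary="NOOP"):
    """Probe each candidate command in its own session.

    open_session() must return an object with sendcmd() and close(), for
    example a logged-in ftplib.FTP. Returns [(command, error text), ...]
    for every candidate after which the control connection stopped answering.
    """
    fatal = []
    for cmd in candidates:
        session = open_session()
        try:
            try:
                session.sendcmd(cmd)
            except ftplib.error_perm:
                pass  # 5xx: server refused the command, connection still up
            # In the report the 215 reply arrives and the *next* command gets
            # the 421, so a harmless follow-up command is needed to see the drop.
            session.sendcmd(canary)
        except ftplib.all_errors as exc:  # 421, EOF or socket error
            fatal.append((cmd, str(exc)))
        finally:
            session.close()
    return fatal


class ConstructedDroppingPath:
    """Constructed stand-in (assumption, not a real firewall model): SYST is
    answered normally, then every later command fails with 421."""

    def __init__(self):
        self.dead = False

    def sendcmd(self, cmd):
        if self.dead:
            raise ftplib.error_temp(
                "421 Service not available, remote server has closed connection.")
        if cmd == "SYST":
            self.dead = True
            return "215 UNIX Type: L8 Version: BSD-199506"
        return "200 %s command successful." % cmd

    def close(self):
        pass


if __name__ == "__main__":
    for cmd, err in commands_that_kill_session(
            ConstructedDroppingPath, ["NOOP", "HELP", "SYST"]):
        print("connection lost after %s: %s" % (cmd, err))
```

Running the same candidate list once through the firewall and once on a path that bypasses it separates a server problem from a path problem.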
