From owner-freebsd-bugs Sat Nov 14 09:19:59 1998
Return-Path:
Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id JAA29151 for freebsd-bugs-outgoing; Sat, 14 Nov 1998 09:19:59 -0800 (PST) (envelope-from owner-freebsd-bugs@FreeBSD.ORG)
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA29144 for ; Sat, 14 Nov 1998 09:19:57 -0800 (PST) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.8.8/8.8.5) id JAA11447; Sat, 14 Nov 1998 09:20:01 -0800 (PST)
Received: from darwin.ediacara.org (mungo.med.utoronto.ca [128.100.83.246]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id JAA28279 for ; Sat, 14 Nov 1998 09:10:33 -0800 (PST) (envelope-from greig@darwin.ediacara.org)
Received: (from greig@localhost) by darwin.ediacara.org (8.8.8/8.8.5) id MAA20735; Sat, 14 Nov 1998 12:00:57 -0500 (EST)
Message-Id: <199811141700.MAA20735@darwin.ediacara.org>
Date: Sat, 14 Nov 1998 12:00:57 -0500 (EST)
From: greig@ediacara.org
Reply-To: greig@ediacara.org
To: FreeBSD-gnats-submit@FreeBSD.ORG
X-Send-Pr-Version: 3.2
Subject: bin/8685: SYST problem in /usr/bin/ftp?
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 8685
>Category: bin
>Synopsis: sending a SYST by ftp client closes connection thru Checkpoint
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sat Nov 14 09:20:00 PST 1998
>Last-Modified:
>Originator: David Iain Greig
>Organization: NMR Core Facility, Dept. of Biochemistry, University of Ediacara
>Release: FreeBSD 2.2.7-STABLE i386
>Environment:
FreeBSD 2.2.7-STABLE ftp client through Checkpoint firewall
>Description:
When FreeBSD ftp client issues a SYST command to a remote server through a Checkpoint-1 firewall, the data connection closes, terminating the ftp session.
>How-To-Repeat:
Normal ftp.
>Fix:
Remove SYST command from /usr/src/usr.bin/ftp/util.c

diff util.c util.c.orig 146c146 < if (command("NOOP") == COMPLETE && overbose) { --- > if (command("SYST") == COMPLETE && overbose) {

------------------

We cut over today to a new corporate firewall, and I was using my deskside FreeBSD server to check that we could connect thru the firewall to external servers. All of them checked out 100% except ftp.....

-------------------------------------

From a Sun running Solaris 2.5.1:

> ftp darwin.ediacara.org
Connected to darwin.ediacara.org.
220 darwin.ediacara.org FTP server (Version 6.00) ready.
ftp> debug 3
Debugging on (debug=3).
ftp> user
(username) greig
---> USER greig
331 Password required for greig.
Password:
---> PASS (censored)
230 User greig logged in.
ftp> ls
---> PORT 142,146,236,140,135,1
200 PORT command successful.
---> NLST
150 Opening ASCII mode data connection for 'file list'.
Muttrc
.mailrc
.profile
.rhosts
(etc)

So the Solaris FTP works.

-----------------------------------

From AIX 4.3.1:

> ftp
ftp> debug 99
Debugging on (debug=99).
ftp> open darwin.ediacara.org
Connected to darwin.ediacara.org.
220 darwin.ediacara.org FTP server (Version 6.00) ready.
Name (darwin.ediacara.org:dgreig): greig
---> USER greig
331 Password required for greig.
Password:
---> PASS (censored)
230 User greig logged in.
ftp> ls
---> PORT 142,146,236,80,158,243
200 PORT command successful.
---> NLST
150 Opening ASCII mode data connection for 'file list'.
Muttrc
.mailrc
.profile
(etc)

So AIX works.

---------------------------------------------------------

From my FreeBSD server:

uname -a:
FreeBSD teva.rogers.com 2.2.7-STABLE FreeBSD 2.2.7-STABLE #0: Tue Oct 6 07:48:54 EDT 1998 root@teva.rogers.com:/usr/src/sys/compile/TEVA i386

> ftp
ftp> debug 99
Debugging on (debug=99).
ftp> open darwin
Connected to darwin.
220 darwin.ediacara.org FTP server (Version 6.00) ready.
Name (darwin:dgreig): greig
---> USER greig
331 Password required for greig.
Password:
---> PASS XXXX
230 User greig logged in.
---> SYST
215 UNIX Type: L8 Version: BSD-199506
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
---> PORT 142,146,62,242,156,114
421 Service not available, remote server has closed connection.
ftp>

So FreeBSD doesn't work thru Checkpoint where AIX and Solaris do?

We look further into this: setting ftpd to send debug messages to syslog, and running syslogd -d on the ftpd server, I log again into the AIX server.

> ftp darwin.ediacara.org
Connected to darwin.ediacara.org.
220 darwin.ediacara.org FTP server (Version 6.00) ready.
Name (darwin.ediacara.org:dgreig): greig
331 Password required for greig.
Password:
230 User greig logged in.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for 'file list'.
Muttrc
.mailrc
(etc)
namedb.tar
226 Transfer complete.
ftp> quote NOOP
200 NOOP command successful.
ftp> quote SYST
215 UNIX Type: L8 Version: BSD-199506
ftp> ls
421 Service not available, remote server has closed connection
ftp>

On the syslog scroll.. at the end I see:

logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:14 ftpd[19825]: command: NOOP
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:14 ftpd[19825]: <--- 200
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:14 ftpd[19825]: NOOP command successful.
readfds = 0x38
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:20 ftpd[19825]: command: SYST
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:20 ftpd[19825]: <--- 215
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:20 ftpd[19825]: UNIX Type: L8 Version: BSD-199506
readfds = 0x38
got a message (1, 0x8)
logmsg: pri 137, flags 0, from darwin, msg Nov 14 11:42:20 ftpd[19825]: lost connection
readfds = 0x38

So it seems doing a SYST makes the firewall drop the connection??????

So I modify util.c:

diff util.c util.c.orig 146c146 < if (command("NOOP") == COMPLETE && overbose) { --- > if (command("SYST") == COMPLETE && overbose) {

To punt the SYST...

Then compile and run it from the FreeBSD ftp client:

> ftp
ftp> debug 99
Debugging on (debug=99).
ftp> open darwin
Connected to darwin.
220 darwin.ediacara.org FTP server (Version 6.00) ready.
Name (darwin:dgreig): greig
---> USER greig
331 Password required for greig.
Password:
---> PASS XXXX
230 User greig logged in.
---> NOOP
200 NOOP command successful.
Remote system type is NOOP.
ftp> ls
---> PORT 142,146,62,242,156,120
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for '/bin/ls'.
total 250240
drwxr-xr-x 2 greig wheel 1024 Oct 28 1997 ...
-rw------- 1 greig wheel 230 May 19 22:03 .Xauthority
-rw-r--r-- 1 greig wheel 384 Nov 10 1997 .alias
(etc)
-rw-r--r-- 1 greig wheel 10240 Oct 27 1997 www.tar
-rw-r--r-- 1 greig wheel 53 Oct 27 1997 www.tar.gz
226 Transfer complete.
ftp>
ftp> quote SYST
---> SYST
421 Service not available, remote server has closed connection.
ftp>

Um.... help?

--D.

--
david iain greig greig@ediacara.org sp4 kox http://www.ediacara.org/~greig arbor plena alouattarum
>Audit-Trail:
>Unformatted:

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-bugs" in the body of the message
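
Review bot: At util.c line 146, swapping command("SYST") for command("NOOP") leaves the rest of that branch treating the reply as a system-type string, which is why the patched client prints "Remote system type is NOOP." and no longer prints "Using binary mode to transfer files." as the stock client did after the 215 reply. If the SYST probe has to be avoided for this firewall, skip the whole system-type branch (for example behind a client option) rather than substituting a different command into it. The change only stops the client from sending SYST at login; the last transcript shows a manual quote SYST still ends in a 421, so the drop itself is not addressed. The diff was also generated as diff util.c util.c.orig, so the < line is the new code and the > line is the original; regenerating it as diff -u util.c.orig util.c would give a patch that applies directly.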
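
The comparison made by hand in the report (which command sits next to the 421 in each failing session) can be automated over `ftp` debug transcripts. The following is an added example, not part of the original report or of FreeBSD's code; the function names are hypothetical and the two sample transcripts are constructed, abridged from the sessions quoted above.

```python
import re

CMD = re.compile(r"^---> (\S+)")      # client debug line: command sent
REPLY = re.compile(r"^(\d{3})[ -]")   # server reply line: three-digit code

# Constructed samples, abridged from the debug sessions quoted in the report.
STOCK = """---> PASS XXXX
230 User greig logged in.
---> SYST
215 UNIX Type: L8 Version: BSD-199506
---> PORT 142,146,62,242,156,114
421 Service not available, remote server has closed connection."""
PATCHED = """---> NOOP
200 NOOP command successful.
---> PORT 142,146,62,242,156,120
200 PORT command successful.
---> LIST
150 Opening ASCII mode data connection for '/bin/ls'.
226 Transfer complete.
---> SYST
421 Service not available, remote server has closed connection."""

def exchanges(transcript):
    """Pair each '---> CMD' line with the first reply code that follows it."""
    pairs, pending = [], None
    for line in map(str.strip, transcript.splitlines()):
        if m := CMD.match(line):
            pending = m.group(1).upper()
        elif (m := REPLY.match(line)) and pending:
            pairs.append((pending, int(m.group(1))))
            pending = None
    return pairs

def drop_context(transcript):
    """(last command answered before the drop, command answered with 421), or None."""
    last_ok = None
    for cmd, code in exchanges(transcript):
        if code == 421:
            return last_ok, cmd
        last_ok = cmd
    return None

def common_suspects(transcripts):
    """Commands present in the drop context of every session that ended in a 421."""
    contexts = [{c for c in ctx if c} for t in transcripts if (ctx := drop_context(t))]
    return set.intersection(*contexts) if contexts else set()
```

Sessions without a 421, such as the Solaris and AIX ones, yield `None` from `drop_context` and are ignored by `common_suspects`.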