From: Alexandre Biancalana
To: Scott Ullrich
Cc: freebsd-pf@freebsd.org
Date: Thu, 28 May 2009 17:40:14 -0300
Subject: Re: Multiple ftp servers behind pf with carp multi-ip
Message-ID: <8e10486b0905281340i588eea3cj16fc6dd745c3e2ff@mail.gmail.com>

On Thu, May 28, 2009 at 5:23 PM, Scott Ullrich wrote:
> On Thu, May 28, 2009 at 4:17 PM, Alexandre Biancalana wrote:
>> The patch does not apply cleanly, I merged it by hand (the final diff
>> is attached) and it compiled OK. I will give it a try and let you know.
>>
>> I'm curious about the two new command line options -i and -2, what's
>> the exact purpose of these options?
>
> That might be a little bit outdated. The most up to date port is
> here: http://redmine.pfsense.org/repositories/browse/pfsense-tools/pfPorts/pftpx-routeto
>
> I quickly glanced at the source and did not see the -i argument but
> the -2 argument should be the routeto IP address:
>
>        if (routeto) {
>                memset(&hints, 0, sizeof hints);
>                hints.ai_flags = AI_NUMERICHOST;
>                hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
>                hints.ai_socktype = SOCK_STREAM;
>                error = getaddrinfo(routeto, NULL, &hints, &res);
>                if (error)
>                        errx(1, "getaddrinfo route-to address failed: %s",
>                            gai_strerror(error));
>                memcpy(&routeto_ss, res->ai_addr, res->ai_addrlen);
>                logmsg(LOG_INFO, "using route-to (%s %s)", routeto_if,
>                    sock_ntop(sstosa(&routeto_ss)));
>                freeaddrinfo(res);
>        }

Does not work :-(

On the client side the error happens in an intermittent manner:

Pink:/usr/home/ale $ ftp xxx.xxx.11.130
Connected to xxx.xxx.11.130.
220-Microsoft FTP Service
220 FTP SERVER
Name (xxx.xxx.11.130:ale): user
421 Service not available, remote server has closed connection.
ftp: Login failed.
ftp> quit
Pink:/usr/home/ale $ ftp xxx.xxx.11.130
Connected to xxx.xxx.11.130.
421 Service not available, remote server has closed connection.
ftp> quit
Pink:/usr/home/ale $ ftp xxx.xxx.11.130
Connected to xxx.xxx.11.130.
220-Microsoft FTP Service
220 FTP SERVER
Name (xxx.xxx.11.130:ale): user
331 Password required for user.
Password:
421 Service not available, remote server has closed connection.
ftp: Login failed.
ftp>

The server side looks like this:

FW1:/usr/ports/ftp/pftpx # pftpx -D7 -d -c 8023 -f 192.168.0.80 -p 192.168.0.253
using 192.168.0.253 to connect to servers
using route-to (lo0 127.0.0.1)
using fixed server 192.168.0.80
listening on 127.0.0.1 port 8023
#1 accepted connection from xxx.xxx.153.79
#1 FTP session 1/100 started: client xxx.xxx.153.79 to server 192.168.0.80 via proxy 192.168.0.253
#1 server: 220-Microsoft FTP Service\r\n
#1 server: 220 FTP SERVER\r\n
#2 accepted connection from xxx.xxx.153.79
#2 FTP session 2/100 started: client xxx.xxx.153.79 to server 192.168.0.80 via proxy 192.168.0.253
#2 server: 220-Microsoft FTP Service\r\n
#1 server: 220 FTP SERVER\r\n
#2 client: USER user\r\n
#2 server: 331 Password required for user.\r\n
#2 client reset connection
#2 ending session

Any other idea?

Alexandre
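
Added example (not part of the original message and not pftpx code): a short Python script that groups the `pftpx -D7` debug lines above by their `#N` session number and notes, per session, a final reply line logged twice with no client command in between, a client command logged while a multi-line reply (`220-`, per RFC 959) has not yet been closed by its `220 ` line, and client resets. The function name `analyze` and the wording of the notes are assumptions of this example; the log lines are copied from the message.

```python
import re
from collections import defaultdict

# Debug lines copied from the pftpx -D7 output in the message above.
LOG = r"""
#1 accepted connection from xxx.xxx.153.79
#1 FTP session 1/100 started: client xxx.xxx.153.79 to server 192.168.0.80 via proxy 192.168.0.253
#1 server: 220-Microsoft FTP Service\r\n
#1 server: 220 FTP SERVER\r\n
#2 accepted connection from xxx.xxx.153.79
#2 FTP session 2/100 started: client xxx.xxx.153.79 to server 192.168.0.80 via proxy 192.168.0.253
#2 server: 220-Microsoft FTP Service\r\n
#1 server: 220 FTP SERVER\r\n
#2 client: USER user\r\n
#2 server: 331 Password required for user.\r\n
#2 client reset connection
#2 ending session
"""

LINE = re.compile(r"^#(\d+) (.*)$")            # "#<session> <event text>"
REPLY = re.compile(r"^server: (\d{3})([ -])")  # reply code, then "-" or " "

def analyze(log):
    """Group lines by session number; return {session: [notes]}."""
    state = defaultdict(lambda: {"open": None, "last": None, "notes": []})
    for m in filter(None, map(LINE.match, log.splitlines())):
        st, text = state[int(m.group(1))], m.group(2)
        reply = REPLY.match(text)
        if reply:
            code, sep = reply.groups()
            if sep == "-":                     # "220-": multi-line reply starts
                st["open"] = code
            else:                              # "220 ": final (or only) line
                if st["open"] is None and st["last"] == text:
                    st["notes"].append(f"repeated final reply {code}")
                if st["open"] == code:         # only the same code closes it
                    st["open"] = None
                st["last"] = text
        elif text.startswith("client: "):
            if st["open"]:
                st["notes"].append(f"command logged while {st['open']}- reply still open")
            st["last"] = None                  # a command starts a new exchange
        elif text == "client reset connection":
            st["notes"].append("client reset")
    return {sid: st["notes"] for sid, st in state.items()}

if __name__ == "__main__":
    print(analyze(LOG))
```

For the output above it reports the repeated `220 FTP SERVER` under session #1, and the unterminated `220-` greeting plus the reset under session #2.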