Date:      Fri, 14 Dec 2007 17:55:41 -0500
From:      "J.R. Oldroyd" <fbsd@opal.com>
To:        Max Laier <max@love2party.net>
Cc:        Remko Lodder <remko@freebsd.org>, freebsd-current@freebsd.org
Subject:   Re: deprecate ftp-proxy in favor of ftp/pftpx
Message-ID:  <20071214175541.158bfa29@linwhf.opal.com>
In-Reply-To: <200712142322.29072.max@love2party.net>
References:  <20071214153229.17383065@linwhf.opal.com> <200712142239.13422.max@love2party.net> <20071214170722.5e5853c3@linwhf.opal.com> <200712142322.29072.max@love2party.net>

On Fri, 14 Dec 2007 23:22:22 +0100, Max Laier <max@love2party.net> wrote:
>
> from src/UPDATING:
>
> 20070702:
>       The packet filter (pf) code has been updated to OpenBSD 4.1 Please
>       note the changed syntax - keep state is now on by default.  Also
>       note the fact that ftp-proxy(8) has been changed from bottom up and
>       has been moved from libexec to usr/sbin.  Changes in the ALTQ
>       handling also affect users of IPFW's ALTQ capabilities.
>
> I'm afraid it hasn't made its way to the Release notes, yet.
>
> The ftp-proxy(8) manpage provides configuration examples and details.
>

Ah, I have found the problem.

Admittedly, I was under the impression that the proxy host here had
been upgraded to 7.0; this turns out to be not the case.

The ftp-proxy host in question is one of the few here that has not
yet been upgraded from 6.2 to 7.0.  It is therefore still running the
OpenBSD 3.7-derived ftp-proxy.  A bunch of desk/laptops here have
recently been upgraded to 7.0 and with that came recent versions
of firefox.  I gather that a change in firefox documented here:
    http://www.mozilla.org/security/announce/2007/mfsa2007-11.html
no longer permits the behavior of ftp-proxy in changing the data port,
making recent versions of firefox incompatible with the old ftp-proxy.
That's why firefox appeared to stop working.

I do see that the ftp-proxy on 7.0 has been changed and that the
man page does look rather like the one for pftpx, so I now see
that what you're saying, Max, looks right.

The problem I ran into, that of having new 7.0 desktops and recent
versions of tools like firefox, together with a 6.x firewall/proxy
host, may be a situation others run into over the next few weeks.
Perhaps it's worth posting a heads up to stable@ once 7.0 is
released, explaining that folks still using 6.x on a firewall/proxy
will need to replace ftp-proxy with ftp/pftpx, and then go back
to ftp-proxy when they upgrade the firewall/proxy host to 7.x.

I had seen the note in UPDATING, but that note does not mention
the breakage with firefox or what the solution is.

        -jr
