Date: Fri, 24 Aug 2001 17:19:19 -0500 From: David Kelly <dkelly@hiwaay.net> To: freebsd-questions@freebsd.org Subject: natd's punch_fw and Internet Exploder 5.x Message-ID: <20010824171919.A60532@grumpy.dyndns.org>
next in thread | raw e-mail | index | archive | help
Am having problems with ftp from IE 5.0 and 5.5SP2 clients thru a FreeBSD 4.3-STABLE gateway/firewall. Looking at the CVS logs I have the latest RELENG_4 sources in natd and libalias. The command line ftp in NT4SP6a has no problems getthing thru. If I'm quick can catch something like this with "ipfw -a list": 02526 0 0 allow tcp from 10.0.0.3 4950 to 207.96.122.8 20 02526 2 120 allow tcp from 207.96.122.8 20 to 10.0.0.3 4950 Looks like its creating rules for passive and non-passive ftp. NT4SP6's ftp does not know PASSIVE so I can't try that. But fetch in FreeBSD 3.5 does know PASSIVE and can't get thru, but can in non-PASSIVE. IE 5.0 on a Macintosh works fine. MS has the foolest notion of where configuration checkboxes belong so just because I can't find a passive option on the Mac version doesn't mean its not there. Have found it on the NT4 version but am convinced its ignored. On the Mac version have seen status messages flash at the bottom of the window frame saying something about passive ftp mode being tried, am guessing its auto converting. So the real issue here is, "Is somebody else already working on this?" Don't see any entries in GNATS, but that might say more about my skills in forming search querries. If somebody doesn't already have a handle on it, then I'd like some suggestions as to how one debugs libraries? Any suggestion as to what I need to do to take the libalias source and statically link to natd so as to make my own? Then I'll make my libalias dump all port 21 packets and report on what it saw or didn't see. Have looked at the packets with tcpdump. Don't know enough about the ftp protocol yet to know what I'm looking at. So I'm thinking along the lines of having the ftp code in libalias tell me what it sees, as that's where the problem lies. Would like the punch_fw option to optionally log the creation and destruction of ipfw rules it creates. -- David Kelly N4HHE, dkelly@hiwaay.net ===================================================================== The human mind ordinarily operates at only ten percent of its capacity -- the rest is overhead for the operating system. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010824171919.A60532>