Subject: kern/12066: ipnat: ftp proxy occasionally fails
To: None <gnats-bugs@gnats.netbsd.org>
From: Ingolf Steinbach <ingolf@jellonet.de>
List: netbsd-bugs
Date: 01/28/2001 06:59:21
>Number: 12066
>Category: kern
>Synopsis: ipnat: ftp proxy occasionally fails
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: kern-bug-people
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Jan 28 07:02:00 PST 2001
>Closed-Date:
>Last-Modified:
>Originator: Ingolf Steinbach
>Release: NetBSD-1.5
>Organization:
none
>Environment:
System: NetBSD isdn 1.5 NetBSD 1.5 (ISDN) #0: Thu Nov 23 15:59:27 MET 2000 ingolf@isdn:/usr/obj/sys/arch/i386/compile/ISDN i386
isdn4bsd 00.90.0
>Description:
From time to time, I get problems with active ftp through
my nat box. The ipnat configuration contains:
map isp0 192.168.2.0/24 -> 0.0.0.0/32 proxy port ftp ftp/tcp
map isp0 192.168.2.0/24 -> 0.0.0.0/32 portmap tcp/udp 20000:30000
map isp0 192.168.2.0/24 -> 0.0.0.0/32
Sometimes (not always!), active ftp fails:
maus% ftp -A ftp.kde.org
Connected to max.tat.physik.uni-tuebingen.de.
220-You are user number 101 of 260 allowed.
220-Local time is now 23:23 and the load is 0.80.
220 You will be disconnected after 1800 seconds of inactivity.
Name (ftp.kde.org:ingolf): ftp
230 Anonymous user logged in.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> dir
501 Syntax error.
425 Will not open connection to 192.168.2.1 (only to 217.17.194.73)
ftp>
ipnat -l on the nat box shows
List of active sessions:
MAP 192.168.2.1 64709 <- -> 217.17.194.73 64709 [134.2.170.93 21]
proxy ftp/6 use 1 flags 0
proto 6 flags 0 bytes 1334 pkts 18 data 0xc0374a00 psiz 356
FTP Proxy:
passok: 1
Client:
rptr 0xc0374a14 wptr 0xc0374a14 seq 30d8a71c junk 0
buf [PORT 192,168,2,1,252,196\015\012\015\012\000]
Server:
rptr 0xc0374ac4 wptr 0xc0374ac4 seq a5d62a66 junk 0
buf [425 Will not open connection to 192.168.2.1 (only to 217.17.194.73)\015\012:23 and the load is 0.80.\015\012220 You will be disconnected after 1800 seconds of inactivity.\015\000]
The above "ftp -A" was run on 192.168.2.1 (NetBSD-1.5, m68k).
The NAT box is 192.168.2.4 internally (NetBSD-1.5, i386; plus
isdn4bsd 00.90.0).
The ISDN interfacs (isp0) is configured with IP address 0.0.0.0
initially (see also ipnat.conf above) which is changed on
dial-up to the address dynamically assigned by my ISP (in
the above example: 217.17.194.73).
During the same "online session", all further attempts to use
active ftp fail. After termination and re-initiating the ISDN
connection, active ftp via the proxy usually works again.
>How-To-Repeat:
see above
>Fix:
>Release-Note:
>Audit-Trail:
>Unformatted: