Subject: Re: ipnat ftp proxy fix yet? (ever?)
To: Sean Davis <erplefoo@gmail.com>
From: Manuel Bouyer <bouyer@antioche.lip6.fr>
List: tech-net
Date: 10/28/2004 13:14:43
On Wed, Oct 27, 2004 at 08:19:29PM -0400, Sean Davis wrote:
> On Wed, 27 Oct 2004 23:28:08 +0200, Martin Husemann <martin@duskware.de> wrote:
> > On Wed, Oct 27, 2004 at 04:27:04PM -0400, Sean Davis wrote:
> > > why hasn't <whatever change was made
> > > to the ftp code> been reverted?
> > 
> > That's impractical. Fixing the bug will be easier.
> 
> well, I didn't mean revert everything, what I meant was more along the
> lines of "if Darren knew how to make it work then, why is it broken
> now, and why can't he compare then and now to see what it's doing
> differently?"

Because a lot of things have changed between ipf3 and 4, and the diff is not
exploitable?

> 
> > 
> 
> It was never unreliable for me until I tried it on a sparc64. I always
> use passive, but suppose some application I don't have control over
> (on Windows, for example) wants active? The Windows user (aka my
> mother) will expect it to "just work," and it won't.

I'm not sure passive ftp would work through NAT without the proxy.
At least the source address, and possibly the source port, need to be
translated in the PORT command.

-- 
Manuel Bouyer <bouyer@antioche.eu.org>
     NetBSD: 26 years of experience will always make the difference
--