Hi,

I am running into a strange problem, described below. With the following NAT rule
for the ftp proxy, ipfilter behaves differently on different machines. On
two machines, the ftp proxy rule doesn't work and blocks all outbound TCP
connections initiated from the machine behind IPFilter. Ethereal
reports that the TCP checksum is incorrect. But on the other two
machines, the rule works well.

All of those machines are on Solaris 9 with IP Filter 4.1.10. Does anybody
know of this problem? I would appreciate any information you could provide.

===================================================================
alpha root> ipnat -l
List of active MAP/Redirect filters:
map ce0 135.2.35.11/32 -> 135.2.35.11/32 proxy port ftp ftp/tcp

List of active sessions:
MAP 135.2.35.11     45786 <- -> 135.2.35.11     45786 [135.2.10.31 21]
        proxy ftp/6 use 1 flags 0
                proto 6 flags 0 bytes 280 pkts 6 data YES size 344
        FTP Proxy:
                passok: 1
        Client:
                seq 0 (ack 0) len 0 junk 0 cmds 0
                buf [\000]
        Server:
                seq 0 (ack 0) len 0 junk 0 cmds 0
                buf [\000]

alpha root> ipfstat -io
pass out quick on ce0 proto tcp from 135.2.35.11/32 to any keep state
block out quick on ce0 proto tcp from any to any
pass in quick on ce0 proto tcp from any to 135.2.35.11/32 port = ssh flags S/FSRPAU keep state
pass in quick on ce0 proto tcp from any to 135.2.35.11/32 port = telnet flags S/FSRPAU keep state
pass in quick on ce0 proto tcp from any to 135.2.35.11/32 port = login flags S/FSRPAU keep state
alpha root>

Thanks,
