On Wed, 2003-08-20 at 12:12, Victor McAllister wrote:
> My friend is still troubleshooting why Dachstein works with an internal
> passive ftp client SENDING a file and Bering fails.
>
> System is PPPoE
>
> He ran tcpdump in passive ftp mode.
> Dachstein shows the mss at different stages of the ftp as 1460 and 1412
> In Bering the tcpdump log shows that mss is 1452 and 1460.
> Bering has CLAMPMSS = Yes
>
> The internal ftp passive mode client log shows the port that it will
> send the ftp file.
>
> The tcpdump shows that in Dachstein that port is used and the ftp is
> successful.
>
> In Bering the port used by the client shows in the tcpdump file AS ONE
> PORT LOWER THAN THE REQUESTED PORT.

In a tcpdump on the internal interface, is the port number in the PASV response correct or wrong?

> Why would ip_conntrack_ftp assign a passive client one port lower than
> the agreed upon port for transfer.
>
> ******
> if the ftp log shows that the tcp port for sending the file is supposed
> to be 13780
> tcpdump on the Bering firewall shows the packet is sent on port 13779
> and the ftp fails.
> ******
> Is this a bug in ip_conntrack_ftp that only shows up when a client sends
> a file?

If it is, it's a strange bug that only shows up on your friend's computer. You can remove ip_conntrack_ftp and ip_nat_ftp and throw them in the ocean if you like; passive mode FTP from behind a firewall works fine without them provided that you have the default policy of "loc net ACCEPT".

> Passive clients probably usually receive files instead of sending them.

All publishing of Shorewall distributions to Sourceforge occurs using passive mode FTP.

> Anyone else seen this problem? My friend's weather station will not
> send ftp files through the Bering box. It will send files through the
> Dachstein box. All hardware, application program, remote ftp server and
> ISP are the same.

No one else in the Shorewall user community is seeing this problem except your friend; or if they are, they aren't reporting it.

-Tom
--
Tom Eastep    \ Shorewall - iptables made easy
Shoreline,     \ http://shorewall.net
Washington USA  \ [EMAIL PROTECTED]

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
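
One way to answer the question about the PASV response from a capture taken on the internal interface, as an added example that is not part of the original messages: decode the port announced in each 227 reply and compare it with the destination port of the next SYN the client sends to that server. The function names, the addresses and the simplified tcpdump-style lines are constructed for illustration; only the ports 13780 and 13779 come from the thread.

```python
import re

# A 227 reply carries the data endpoint as six decimal bytes: h1,h2,h3,h4,p1,p2
PASV_RE = re.compile(r"227 [^(]*\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# tcpdump-style "IP src.port > dst.port: Flags [S]" (pure SYN, not SYN/ACK)
SYN_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[S\]")

def pasv_endpoint(line):
    """Return (ip, port) announced in a 227 reply, or None if absent/invalid."""
    m = PASV_RE.search(line)
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None
    return ".".join(map(str, octets[:4])), octets[4] * 256 + octets[5]

def check_capture(lines):
    """Pair each PASV reply with the next SYN to the announced host.

    Returns a list of (announced_port, actual_port, matches)."""
    results, pending = [], None
    for line in lines:
        ep = pasv_endpoint(line)
        if ep:
            pending = ep          # remember the most recent announcement
            continue
        m = SYN_RE.search(line)
        if m and pending and m.group(3) == pending[0]:
            actual = int(m.group(4))
            results.append((pending[1], actual, actual == pending[1]))
            pending = None
    return results

# Constructed capture reproducing the reported symptom (not real traffic).
SAMPLE = [
    "12:00:01.10 IP 192.168.1.5.1045 > 192.0.2.10.21: Flags [S], seq 100",
    "12:00:02.30 IP 192.0.2.10.21 > 192.168.1.5.1045: Flags [P.], length 49: "
    "FTP: 227 Entering Passive Mode (192,0,2,10,53,212)",
    "12:00:02.35 IP 192.168.1.5.1046 > 192.0.2.10.13779: Flags [S], seq 200",
]

if __name__ == "__main__":
    for announced, actual, ok in check_capture(SAMPLE):
        print(f"PASV announced {announced}, SYN went to {actual}: "
              f"{'match' if ok else 'MISMATCH'}")
```

If the internal capture already shows a mismatch, the rewrite happened before the reply reached the client side of the firewall; if it matches there, the same check on the external interface shows whether the port changes on the way out.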
