On 2009-05-25, Maurice Janssen <maur...@z74.net> wrote:
> Stuart Henderson wrote:
>> On 2009-05-25, Maurice Janssen <maur...@z74.net> wrote:
>>> Hi,
>>>
>>> I have an FTP-server (running OpenBSD 4.5-stable) that is only reachable
>>> over IPv6. Passive FTP works fine, but active FTP doesn't seem to work.
>>> I run ftpd from rc.conf.local (-DAS6), not through inetd.
>>>
>>> The client gets the following error:
>>>
>>> ftp> ls
>>> 229 Entering Extended Passive Mode (|||55566|)
>>> 150 Opening ASCII mode data connection for '/bin/ls'.
>>> total 4
>>> dr-xr-xr-x 3 0 0 512 May 22 08:52 pub
>>> 226 Transfer complete.
>>> ftp> passive
>>> Passive mode off.
>>> ftp> ls
>>> 200 EPRT command successful.
>>> 421 Service not available, remote server has closed connection.
>>>
>>> When I temporarily enable IPv4 (kill ftpd and start with -DAS), passive
>>> and active FTP work fine over IPv4, but still only passive over IPv6.
>>>
>>> Is this a bug or feature? I can't seem to find any documentation telling me
>>> it is intended behaviour.
>>>
>>> Thanks,
>>> Maurice
>>>
>>
>> Works for me.
>>
>> Do you reach it via a firewall that doesn't know how to handle EPRT?
>
> It also fails (in exactly the same way) when connecting from an
> ftp-client on the same subnet. The ftp-server has a 'pass out all'
> statement in pf.conf and tcpdump on pflog0 doesn't show any filtered
> packets from port 20.

Ugh, I'm sorry - I managed to botch that test somehow (I'm thinking
probably I typed EPSV not PASS from finger memory - I have to disable
EPSV fairly often on v4 servers..) I can indeed replicate it, both run
from inetd and standalone.

> So it looks like it's a problem on the ftp-server, but not pf related.

Ok, agreed.