Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem

To:	Pekka Savola <pekkas@netcore.fi>
Subject:	Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem
From:	Darren Reed <darrenr@reed.wattle.id.au>
Date:	Wed, 20 Dec 2006 10:20:24 +1100
Cc:	ipfilter@coombs.anu.edu.au
Delivered-to:	sp-com-lists@consult.net
Delivered-to:	ipfilter-list@securepoint.com
In-reply-to:	<Pine.LNX.4.64.0612192052410.3711@netcore.fi>
References:	<Pine.LNX.4.64.0612192052410.3711@netcore.fi>
Reply-to:	darrenr@reed.wattle.id.au
Sender:	owner-ipfilter@coombs.anu.edu.au
User-agent:	Thunderbird 1.5.0.5 (Windows/20060719)

Pekka Savola wrote:
> Hello,
>
> On FreeBSD 6.2-PRERELEASE (apparently ipfilter ~4.1.13), I'm having a
> problem with NATted, FTP-proxied sessions which use Window Scaling.
> Session that don't use the FTP proxy (or if the FTP proxy rule is
> disabled) or if WS is disabled work OK.
>
> Maybe FTP proxy doesn't work with Window Scaling, or is there
> something I'm missing ?
>
> IPmon lists the errors like:
>
> 19/12/2006 20:56:04.982985 15x fxp0 @0:32 b 193.166.3.2,33416 ->
> 192.168.1.1,33828 PR tcp len 20 1500 -A IN OOW NAT
> 19/12/2006 20:56:08.235987 fxp0 @0:32 b 193.166.3.2,33416 ->
> 192.168.1.1,33828 PR tcp len 20 1500 -A IN OOW NAT
> 19/12/2006 20:56:09.155467 fxp0 @0:32 b 193.166.3.2,33416 ->
> 192.168.1.1,33828 PR tcp len 20 1500 -A IN OOW NAT
> 19/12/2006 20:56:10.996694 fxp0 @0:32 b 193.166.3.2,33416 ->
> 192.168.1.1,33828 PR tcp len 20 1500 -A IN OOW NAT

To see if it has properly picked up window scaling, list out the state table
entry with "ipfstat -sl".  To me it is looking like the FTP data connection
is the one having trouble, yes?

Darren

<Prev in Thread]	Current Thread	[Next in Thread>
ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Pekka Savola Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Darren Reed <= Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Victor Duchovni Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Darren Reed Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Pekka Savola Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Darren Reed Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Pekka Savola Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Darren Reed Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Pekka Savola Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Pekka Savola Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Darren Reed Message not available Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Darren Reed

Previous by Date:	Re: IPFilter 4.1.16, Corey Johnston
Next by Date:	Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Victor Duchovni
Previous by Thread:	ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Pekka Savola
Next by Thread:	Re: ipf 4.1.13 + NAT + FTP proxy = window scaling problem, Victor Duchovni
Indexes:	[Date] [Thread] [Top] [All Lists]