IPfilter

Re: Invalid PORT command - FTP/IPNAT

To: ipfilter@coombs.anu.edu.au
Subject: Re: Invalid PORT command - FTP/IPNAT
From: Hans Werner Strube <strube@physik3.gwdg.de>
Date: Mon, 19 Mar 2007 12:09:02 +0100 (MET)
Delivered-to: sp-com-lists@consult.net
Delivered-to: ipfilter-list@securepoint.com
Sender: owner-ipfilter@coombs.anu.edu.au
Corey Johnston wrote:
> Firewall two: FTP broken
> map bge1 from 0.0.0.0/0 to a.b.c.d/32 port = 21 -> w.x.y.z/32 proxy port ftp ftp/tcp
> map bge1 from 0.0.0.0/0 to a.b.c.d/32 -> w.x.y.z/32 portmap tcp/udp auto
> map bge1 from 0.0.0.0/0 to a.b.c.d/32 -> w.x.y.z/32

As you have bge interfaces: these use hardware checksumming, which is
known to cause NAT trouble in Solaris IPF. Try whether the following helps:
add a line to /etc/system:
set ip:dohwcksum=0
and reboot.
