[BUG] ip_nat_ftp fails for some ftp servers (fwd)

Martin Josefsson gandalf@wlug.westbo.se
Sun, 7 Oct 2001 00:55:14 +0200 (CEST)


Only sent to the netfilter list.

/Martin

Never argue with an idiot. They drag you down to their level, then beat you with experience.

---------- Forwarded message ----------
Date: Sat, 06 Oct 2001 23:18:53 +0200
From: Xuan Baldauf <xuan--lkml@baldauf.org>
To: netfilter@lists.samba.org
Subject: [BUG] ip_nat_ftp fails for some ftp servers

Hello,

Hello, I'm currently trying to track down a bug where
active-ftp-masquerading sometimes fails and sometimes does
not fail. I initially assumed that the problem is
dependent on the ftp-client, client-OS or client-ip-address,
but all this does not seem to apply, it seems to depend on
the server, which is odd.

My network setup:

"local client machines with private ip addresses" - "linux
router" - "internet"

On the linux router, the module "ip_nat_ftp" is loaded.
There is a masquerading rule entered into the router:

#> iptables -t nat -L POSTROUTING
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  ---  anywhere            !192.168.0.0/22

When having such a setup, try to list the following ftp
directory using an ftp client in active mode:

ftp://ftp.tu-chemnitz.de/

It will fail (because ip_nat_ftp will not substitute the
ftp-"PORT" command). But accessing these directories will
succeed:

ftp://ftp.fu-berlin.de/
ftp://ftp.uni-stuttgart.de/


I've captured the communication to both classes of
ftp-servers, but did not find any notable differences. The
"router" machine is running linux-2.4.11-pre3.

Can anybody confirm this with his|her own setup? Does
anybody know the reason for this bug?

Xuân.
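
A check that can be run over client-to-server control-channel lines captured on the router's external interface, to see whether a PORT command left the router without being rewritten. This is an added example, not part of the original message; the function names and sample lines are constructed, and the internal range is taken from the MASQUERADE rule quoted above.

```python
import ipaddress
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959): four address octets, then port high/low byte.
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
    re.IGNORECASE,
)

# Internal range taken from the MASQUERADE rule in the message (assumption:
# every masqueraded client lives in this network).
INTERNAL_NET = ipaddress.ip_network("192.168.0.0/22")


def parse_port(line):
    """Return (IPv4Address, port) for a PORT command line, or None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed field; not a valid PORT argument
    addr = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return addr, nums[4] * 256 + nums[5]


def unrewritten_ports(control_lines, internal_net=INTERNAL_NET):
    """List PORT commands, as seen on the external side of the router, that
    still advertise an internal address (the NAT helper left them untouched)."""
    findings = []
    for lineno, line in enumerate(control_lines, 1):
        parsed = parse_port(line)
        if parsed and parsed[0] in internal_net:
            findings.append((lineno, str(parsed[0]), parsed[1]))
    return findings


# Constructed sample: control lines as captured on the external interface.
SAMPLE = [
    "USER anonymous",
    "PORT 192,168,1,10,4,1",    # internal address still present: not rewritten
    "LIST",
    "PORT 203,0,113,5,195,80",  # rewritten to a public (documentation) address
    "PORT 192,168,1,10,999,1",  # malformed field, ignored
]

if __name__ == "__main__":
    for lineno, addr, port in unrewritten_ports(SAMPLE):
        print(f"line {lineno}: PORT still advertises {addr}:{port}")
```

Comparing the findings for a failing server against a working one narrows the problem to the helper's rewrite step rather than the client or the data connection.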