Hi Ed,

thx for the reply. First I should mention that all non-ssl ftp traffic works great through the firewall (set up according to the FAQ on the openbsd site).

My setup is:

my client -> my nat'd OpenBSD -> internet -> remote ftp-ssl server

I don't have any control over the remote server. The client simply hangs saying "Connected to server on port 21. Waiting for response...".

I did a tcpdump on the internal nic during a connection attempt from the client:

>>tcpdump -ttt -n -i vr0 host remote_ip
Sep 23 19:01:51.887070 192.168.1.111.1156 > remote_ip.21: S 34496577:34496577(0) win 8192 <mss 1460> (DF)
Sep 23 19:01:51.887122 remote_ip.21 > 192.168.1.111.1156: S 2282047294:2282047294(0) ack 34496578 win 16384 <mss 1460>
Sep 23 19:01:51.887433 192.168.1.111.1156 > remote_ip.21: . ack 1 win 8760 (DF)
Sep 23 19:02:56.887799 192.168.1.111.1156 > remote_ip.21: F 1:1(0) ack 1 win 8760 (DF)
Sep 23 19:02:56.887840 remote_ip.21 > 192.168.1.111.1156: . ack 2 win 17520

and another on the external nic at the same time:

>>tcpdump -ttt -n -i fxp0 host remote_ip
Sep 23 19:01:51.891462 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166560978 0> (DF)
Sep 23 19:01:57.883262 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166560990 0> (DF)
Sep 23 19:02:09.883267 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166561014 0> (DF)
Sep 23 19:02:33.883268 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166561062 0> (DF)

I would appreciate it if anyone can help me understand the tcpdump output.

thx
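
Added example (not part of the original post): a short Python script that summarises the TCP handshake seen in each of the two captures above, so the internal and external sides of the NAT box can be compared directly. The input lines are copied from the post; `summarize`, `INTERNAL` and `EXTERNAL` are names chosen for this example.

```python
import re
from datetime import datetime

# Capture lines copied from the post (remote_ip / my_external_ip are its placeholders).
INTERNAL = """
Sep 23 19:01:51.887070 192.168.1.111.1156 > remote_ip.21: S 34496577:34496577(0) win 8192 <mss 1460> (DF)
Sep 23 19:01:51.887122 remote_ip.21 > 192.168.1.111.1156: S 2282047294:2282047294(0) ack 34496578 win 16384 <mss 1460>
Sep 23 19:01:51.887433 192.168.1.111.1156 > remote_ip.21: . ack 1 win 8760 (DF)
Sep 23 19:02:56.887799 192.168.1.111.1156 > remote_ip.21: F 1:1(0) ack 1 win 8760 (DF)
Sep 23 19:02:56.887840 remote_ip.21 > 192.168.1.111.1156: . ack 2 win 17520
"""
EXTERNAL = """
Sep 23 19:01:51.891462 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166560978 0> (DF)
Sep 23 19:01:57.883262 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166560990 0> (DF)
Sep 23 19:02:09.883267 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166561014 0> (DF)
Sep 23 19:02:33.883268 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 <mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166561062 0> (DF)
"""

# Old-style tcpdump TCP line: "<time> src.port > dst.port: <flags> <rest>"
LINE = re.compile(r"(\d\d:\d\d:\d\d\.\d+) (\S+) > (\S+): (\S+)(.*)")

def summarize(capture):
    """Return handshake facts for one capture: SYNs sent, gaps between them, SYN-ACK delay."""
    syn_times, synack_delay = [], None
    for raw in capture.strip().splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # not a TCP packet line
        t = datetime.strptime(m.group(1), "%H:%M:%S.%f")
        flags, rest = m.group(4), m.group(5)
        if flags == "S" and " ack " in rest:   # SYN-ACK answering the first SYN
            if synack_delay is None and syn_times:
                synack_delay = (t - syn_times[0]).total_seconds()
        elif flags == "S":                     # bare SYN (first attempt or retransmit)
            syn_times.append(t)
    gaps = [round((b - a).total_seconds()) for a, b in zip(syn_times, syn_times[1:])]
    return {"syns": len(syn_times), "retransmit_gaps": gaps, "synack_delay": synack_delay}

if __name__ == "__main__":
    print("internal (vr0): ", summarize(INTERNAL))
    print("external (fxp0):", summarize(EXTERNAL))
```

On these lines the internal side shows one SYN answered after 52 microseconds, while the external side shows the same SYN sent four times at 6, 12 and 24 second gaps with no SYN-ACK in the capture.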