Hi,

I have an OpenBSD 4.1 system running as a NAT firewall for our office and
unfortunately I have to support a couple of active FTP clients on the
inside of the firewall, so I've set up ftp-proxy.  I've never used
ftp-proxy before and I've run into a problem with it.

I've set up ftp-proxy and pf as described in the PF FAQ.  When the client
application tries to connect, it behaves as if it never gets a response
from the server. The connection hangs and eventually the client ftp
application reports a time out.

What's actually happening is not as much fun.  I ran a packet sniffer on
the client computer while trying to establish the ftp connection.
Things happen as follows:

The client (inside the firewall) initiates a connection to an FTP server
on a public IP.
The TCP handshake completes.
The FTP server sends its first FTP protocol packet containing the usual
welcome/banner string - This packet does make its way back through the
firewall to the client system.  However, (according to Wireshark on the
client) the checksum on the packet is incorrect.
The client ftp application then seems to just ignore the packet from the
server, presumably because the checksum in the packet does not match the
calculated checksum.


Can anyone shed some light on this?  Has anyone else had problems with
ftp-proxy like this?

Thanks a lot.
Jason
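
One way to check a captured segment's checksum by hand rather than relying on the sniffer's flag (an added example, not part of the original post; the addresses, ports and banner text are constructed). It computes the TCP checksum over the pseudo-header and shows that a segment whose destination address was rewritten only verifies if the checksum was updated for the new address.

```python
import socket
import struct

def fold_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the TCP checksum (RFC 793)."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length data with a zero byte
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def pseudo_header(src: str, dst: str, length: int) -> bytes:
    # The checksum covers source/destination IP, protocol 6 and TCP length,
    # so rewriting an address changes the value the receiver expects.
    return socket.inet_aton(src) + socket.inet_aton(dst) + struct.pack("!BBH", 0, 6, length)

def verify(src: str, dst: str, segment: bytes) -> bool:
    """True if the segment's checksum is valid for this address pair."""
    return fold_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def refresh_checksum(src: str, dst: str, segment: bytes) -> bytes:
    """Return the segment with its checksum recomputed for src/dst."""
    zeroed = segment[:16] + b"\x00\x00" + segment[18:]
    csum = ~fold_sum(pseudo_header(src, dst, len(zeroed)) + zeroed) & 0xFFFF
    return zeroed[:16] + struct.pack("!H", csum) + zeroed[18:]

# Constructed sample data (documentation/private addresses, not from the post).
SERVER, FW_EXT, CLIENT = "192.0.2.10", "198.51.100.1", "10.0.0.5"
BANNER = b"220 FTP server ready\r\n"
# Minimal 20-byte TCP header: ports, seq, ack, data offset 5, PSH|ACK, window.
HEADER = struct.pack("!HHIIBBHHH", 21, 50000, 1, 1, 5 << 4, 0x18, 65535, 0, 0)
ON_WIRE = refresh_checksum(SERVER, FW_EXT, HEADER + BANNER)

if __name__ == "__main__":
    print("as sent to firewall:", verify(SERVER, FW_EXT, ON_WIRE))
    print("address rewritten, checksum untouched:", verify(SERVER, CLIENT, ON_WIRE))
    fixed = refresh_checksum(SERVER, CLIENT, ON_WIRE)
    print("address rewritten, checksum updated:", verify(SERVER, CLIENT, fixed))
```

A capture taken on the end host can differ from what was on the wire when the NIC does checksum offload, so a capture from the firewall's internal interface is the better input for this check.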
