Hi,

I have an OpenBSD 4.1 system running as a NAT firewall for our office and unfortunately I have to support a couple of active FTP clients on the inside of the firewall, so I've set up ftp-proxy. I've never used ftp-proxy before and I've run into a problem with it.

I've set up ftp-proxy and pf as described in the PF FAQ. When the client application tries to connect, it behaves as if it never gets a response from the server. The connection hangs and eventually the client ftp application reports a timeout.

What's actually happening is not as much fun. I ran a packet sniffer on the client computer while trying to establish the ftp connection. Things happen as follows: The client (inside the firewall) initiates a connection to an FTP server on a public IP. The TCP handshake completes. The FTP server sends its first FTP protocol packet containing the usual welcome/banner string. This packet does make its way back through the firewall to the client system. However, according to Wireshark on the client, the checksum on the packet is incorrect. The client ftp application then seems to just ignore the packet from the server, presumably because the checksum in the packet does not match the calculated checksum.

Can anyone shed some light on this? Has anyone else had problems with ftp-proxy like this?

Thanks a lot.

Jason