Stuart Henderson wrote:
On 2009-05-25, Maurice Janssen <maur...@z74.net> wrote:
Hi,
I have an FTP-server (running OpenBSD 4.5-stable) that is only reachable
over IPv6. Passive FTP works fine, but active FTP doesn't seem to work.
I run ftpd from rc.conf.local (-DAS6), not through inetd.
The client gets the following error:
ftp> ls
229 Entering Extended Passive Mode (|||55566|)
150 Opening ASCII mode data connection for '/bin/ls'.
total 4
dr-xr-xr-x 3 0 0 512 May 22 08:52 pub
226 Transfer complete.
ftp> passive
Passive mode off.
ftp> ls
200 EPRT command successful.
421 Service not available, remote server has closed connection.
When I temporarily enable IPv4 (kill ftpd and start with -DAS), passive
and active FTP work fine over IPv4, but still only passive over IPv6.
Is this a bug or feature? I can't seem to find any documentation telling me
it is intended behaviour.
Thanks,
Maurice
Works for me.
Do you reach it via a firewall that doesn't know how to handle EPRT?
It also fails (in exactly the same way) when connecting from an
ftp-client on the same subnet. The ftp-server has a 'pass out all'
statement in pf.conf and tcpdump on pflog0 doesn't show any filtered
packets from port 20.
The client doesn't see any packets coming from port 20, only the packets
related to the control connection (to/from port 21 on the ftp-server).
Even with "pass in all;pass out all" in pf.conf and nothing else, no
packets from port 20 arrive on the client.
So it looks like it's a problem on the ftp-server, but not pf related.
I suppose I'm missing some very simple, but I don't see it.
Thanks,
Maurice
