upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-28 04:12:45 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fixed the bug that prevented communication with FTP servers behind

Browse source 
NAT in extended passive mode if the server's public IP address was
different from the main NAT address.  This caused a wrong aliasing
link to be created that did not route the incoming packets back to
the original IP address of the server.

	natd -v -n pub0 -redirect_address localFTP publicFTP

Note that even if localFTP == publicFTP, one still needs to supply
the -redirect_address directive.  It is needed as a helper because
extended passive mode's 229 reply does not contain the IP address.

MFC after:	1 week
This commit is contained in:
Ruslan Ermilov 2001-09-21 14:38:36 +00:00
parent e284cfe41e
commit c1dd00f75c
2 changed files with 8 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
lib/libalias/alias_ftp.c
View file

@ -145,8 +145,10 @@ int maxpacketsize /* The maximum size this packet can grow to (including header
*/
if (ParseFtp227Reply(sptr, dlen))
ftp_message_type = FTP_227_REPLY;
else if (ParseFtp229Reply(sptr, dlen))
else if (ParseFtp229Reply(sptr, dlen)) {
ftp_message_type = FTP_229_REPLY;
true_addr.s_addr = pip->ip_src.s_addr;
}
}
if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
@ -464,8 +466,7 @@ NewFtpMessage(struct ip *pip,
struct alias_link *ftp_link;
/* Security checks. */
if (ftp_message_type != FTP_229_REPLY &&
pip->ip_src.s_addr != true_addr.s_addr)
if (pip->ip_src.s_addr != true_addr.s_addr)
return;
if (true_port < IPPORT_RESERVED)

7
sys/netinet/libalias/alias_ftp.c
View file

@ -145,8 +145,10 @@ int maxpacketsize /* The maximum size this packet can grow to (including header
*/
if (ParseFtp227Reply(sptr, dlen))
ftp_message_type = FTP_227_REPLY;
else if (ParseFtp229Reply(sptr, dlen))
else if (ParseFtp229Reply(sptr, dlen)) {
ftp_message_type = FTP_229_REPLY;
true_addr.s_addr = pip->ip_src.s_addr;
}
}
if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
@ -464,8 +466,7 @@ NewFtpMessage(struct ip *pip,
struct alias_link *ftp_link;
/* Security checks. */
if (ftp_message_type != FTP_229_REPLY &&
pip->ip_src.s_addr != true_addr.s_addr)
if (pip->ip_src.s_addr != true_addr.s_addr)
return;
if (true_port < IPPORT_RESERVED)