From 7de7d2144f43e0013440b6e44592de78ad3ffa3d Mon Sep 17 00:00:00 2001 From: ru Date: Fri, 21 Sep 2001 14:38:36 +0000 Subject: Fixed the bug that prevented communication with FTP servers behind NAT in extended passive mode if the server's public IP address was different from the main NAT address. This caused a wrong aliasing link to be created that did not route the incoming packets back to the original IP address of the server. natd -v -n pub0 -redirect_address localFTP publicFTP Note that even if localFTP == publicFTP, one still needs to supply the -redirect_address directive. It is needed as a helper because extended passive mode's 229 reply does not contain the IP address. MFC after: 1 week --- sys/netinet/libalias/alias_ftp.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'sys/netinet/libalias') diff --git a/sys/netinet/libalias/alias_ftp.c b/sys/netinet/libalias/alias_ftp.c index 7dee3f8..7e51e73 100644 --- a/sys/netinet/libalias/alias_ftp.c +++ b/sys/netinet/libalias/alias_ftp.c @@ -145,8 +145,10 @@ int maxpacketsize /* The maximum size this packet can grow to (including header */ if (ParseFtp227Reply(sptr, dlen)) ftp_message_type = FTP_227_REPLY; - else if (ParseFtp229Reply(sptr, dlen)) + else if (ParseFtp229Reply(sptr, dlen)) { ftp_message_type = FTP_229_REPLY; + true_addr.s_addr = pip->ip_src.s_addr; + } } if (ftp_message_type != FTP_UNKNOWN_MESSAGE) @@ -464,8 +466,7 @@ NewFtpMessage(struct ip *pip, struct alias_link *ftp_link; /* Security checks. */ - if (ftp_message_type != FTP_229_REPLY && - pip->ip_src.s_addr != true_addr.s_addr) + if (pip->ip_src.s_addr != true_addr.s_addr) return; if (true_port < IPPORT_RESERVED) -- cgit v1.1