Multiple ftp servers behind pf with carp multi-ip
Alexandre Biancalana
biancalana at gmail.com
Thu May 28 20:40:16 UTC 2009
On Thu, May 28, 2009 at 5:23 PM, Scott Ullrich <sullrich at gmail.com> wrote:
> On Thu, May 28, 2009 at 4:17 PM, Alexandre Biancalana
> <biancalana at gmail.com> wrote:
>> The patch does not apply cleanly; I merged it by hand (the final diff
>> is attached) and it compiled OK. I will give it a try and let you know.
>>
>> I'm curious about the two new command line options -i and -2; what
>> exactly is the purpose of these options?
>
> That might be a little bit outdated. The most up to date port is
> here: http://redmine.pfsense.org/repositories/browse/pfsense-tools/pfPorts/pftpx-routeto
>
> I quickly glanced at the source and did not see the -i argument but
> the -2 argument should be the routeto IP address:
>
>     if (routeto) {
>         memset(&hints, 0, sizeof hints);
>         hints.ai_flags = AI_NUMERICHOST;
>         hints.ai_family = ipv6_mode ? AF_INET6 : AF_INET;
>         hints.ai_socktype = SOCK_STREAM;
>         error = getaddrinfo(routeto, NULL, &hints, &res);
>         if (error)
>             errx(1, "getaddrinfo route-to address failed: %s",
>                 gai_strerror(error));
>         memcpy(&routeto_ss, res->ai_addr, res->ai_addrlen);
>         logmsg(LOG_INFO, "using route-to (%s %s)", routeto_if,
>             sock_ntop(sstosa(&routeto_ss)));
>         freeaddrinfo(res);
>     }

Does not work :-(

On the client side the error happens in an intermittent manner:

Pink:/usr/home/ale $ ftp xxx.xxx.11.130
Connected to xxx.xxx.11.130.
220-Microsoft FTP Service
220 FTP SERVER
Name (xxx.xxx.11.130:ale): user
421 Service not available, remote server has closed connection.
ftp: Login failed.
ftp> quit
Pink:/usr/home/ale $ ftp xxx.xxx.11.130
Connected to xxx.xxx.11.130.
421 Service not available, remote server has closed connection.
ftp> quit
Pink:/usr/home/ale $ ftp xxx.xxx.11.130
Connected to xxx.xxx.11.130.
220-Microsoft FTP Service
220 FTP SERVER
Name (xxx.xxx.11.130:ale): user
331 Password required for user.
Password:
421 Service not available, remote server has closed connection.
ftp: Login failed.
ftp>

The server side looks like this:

FW1:/usr/ports/ftp/pftpx # pftpx -D7 -d -c 8023 -f 192.168.0.80 -p 192.168.0.253
using 192.168.0.253 to connect to servers
using route-to (lo0 127.0.0.1)
using fixed server 192.168.0.80
listening on 127.0.0.1 port 8023
#1 accepted connection from xxx.xxx.153.79
#1 FTP session 1/100 started: client xxx.xxx.153.79 to server 192.168.0.80 via proxy 192.168.0.253
#1 server: 220-Microsoft FTP Service\r\n
#1 server: 220 FTP SERVER\r\n
#2 accepted connection from xxx.xxx.153.79
#2 FTP session 2/100 started: client xxx.xxx.153.79 to server 192.168.0.80 via proxy 192.168.0.253
#2 server: 220-Microsoft FTP Service\r\n
#1 server: 220 FTP SERVER\r\n
#2 client: USER user\r\n
#2 server: 331 Password required for user.\r\n
#2 client reset connection
#2 ending session

Any other ideas?

Alexandre