Hans Werner Strube wrote: > Last week I ported our firewall (working as a transparent router with special > proxyarp daemons on both interfaces) using IPF 3.4.35 from a Solaris 7_x86 PC > to a Solaris 9 Sun Fire V210 (64 bit only). In either case, IPF was compiled > on the firewall machine. The only differences were that I now added "-xO2" to > the XARCH32 in buildsunos (line 73) and used Forte 7 cc (SPARC) instead of > gcc-2.95.2 (x86). ... > Whereas this has always worked on the PC, now no FTP packets are passed > in either direction.
Additions: Although the FTP proxy rule for outgoing connections should only be required for active FTP, even passive FTP does not work with the rule. After removing the ipnat rules, at least outbound passive FTP and inbound active FTP works; so I am using this setting as a temporary workaround. Just for testing, I added other (not FTP related) map rules without proxy; these worked well. Looking at the "make solaris" output, I found many warnings by the compiler, concerning implicitly defined types and functions, also warnings due to the K&R-style function calls. Could there be an inconsistency in 64-bit mode due to these? I do not know whether this is related to the bug and cannot make tests because I have no other two-interface 64-bit SPARC machine which is not under heavy use.
