For some time now, I've had problems getting IPv6 FTP working through my IPfilter (4.1) firewall. I'm not quite sure what I've done wrong, but I'm sure a configuration setting could be adjusted to fix it.

My router is a NetBSD 5.0_STABLE box, and was formerly a 4.0_STABLE box, both of which showed this problem for 4.0 and 5.0 boxes behind the firewall. The router/firewall has an IPv6 tunnel out, and runs native IPv6 on the networks behind itself.

When a machine tries to establish an FTP connection over IPv6, it works, until it attempts to start a transfer. This evening, the FTP client explained:

229 Entering Extended Passive Mode (|||63935|)
150 Opening BINARY mode data connection for file.gz (208102 bytes).
0% | | 0 0.00 KiB/s --:-- ETA^C

It never goes anywhere, and I interrupt it. IPv4 connections to the same foreign host for the same file work, however.

My ipnat.conf sets up mappings for the IPv4 networks I want to be able to FTP through the [internal] FTP proxy:

map vlan0 A.B.C.D/24 -> 0/32 proxy port ftp ftp/tcp
map vlan0 172.M.N.X/28 -> 0/32 proxy port ftp ftp/tcp

Should I do something similar for IPv6? I'm not NAT'ing IPv6, however, so I didn't assume I needed as much. I think it's just a filtering issue.

Are there some smarts needed to auto-open the returns for FTP data transfers for IPv6 through ipfilter?

  Thanks.  All pointers appreciated.

                        - Chris
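
What "auto-opening the return" for the stalled transfer above involves, as an added example that is not part of the original post and is not IPFilter code: a stateful filter has to read the 229 (EPSV, RFC 2428) reply on the control channel and permit exactly one data connection to the announced port. The addresses are constructed documentation-prefix values and the function names are hypothetical.

```python
import re

# 229 reply (RFC 2428): "(<d><d><d>port<d>)", delimiter normally "|". No address.
EPSV_RE = re.compile(r"^229 .*\((.)\1\1(\d{1,5})\1\)")
# 227 reply (RFC 959): "(h1,h2,h3,h4,p1,p2)". IPv4 only, address embedded.
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def expected_data_flow(reply, client_addr, server_addr):
    """Return (src, dst, dst_port) for the data connection the client will
    open after this control-channel reply, or None if it announces none."""
    m = EPSV_RE.match(reply)
    if m:
        port = int(m.group(2))
        if not 0 < port < 65536:
            return None
        # EPSV carries only a port: the data connection goes to the same
        # server address as the control connection.
        return (client_addr, server_addr, port)
    m = PASV_RE.match(reply)
    if m:
        octets = [int(g) for g in m.groups()]
        if any(o > 255 for o in octets):
            return None
        host = ".".join(str(o) for o in octets[:4])
        return (client_addr, host, octets[4] * 256 + octets[5])
    return None


def pinholes(control_lines, client_addr, server_addr):
    """Collect every data flow announced in a captured control channel."""
    flows = (expected_data_flow(l, client_addr, server_addr)
             for l in control_lines)
    return [f for f in flows if f is not None]


# Constructed sample: the two server replies quoted in the post, seen between
# a constructed client and server in the 2001:db8::/32 documentation prefix.
CLIENT = "2001:db8:1::10"
SERVER = "2001:db8:ffff::21"
SAMPLE = [
    "229 Entering Extended Passive Mode (|||63935|)",
    "150 Opening BINARY mode data connection for file.gz (208102 bytes).",
]

if __name__ == "__main__":
    for src, dst, port in pinholes(SAMPLE, CLIENT, SERVER):
        print(f"allow one TCP connection {src} -> [{dst}]:{port}")
```
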
