passive ftp-ssl client behind OpenBSD 3.7 NAT/pf

2005-09-23 Thread Daniel Smereka
Is it possible to get such a client running in passive mode using pf rdr/rules?
 
I understand that I can't use ftp-proxy for this b/c the PORT command coming 
back from the FTP server is encrypted.  Is there any way to do this?  thanks



Re: passive ftp-ssl client behind OpenBSD 3.7 NAT/pf

2005-09-23 Thread Daniel Smereka
Hi Ed thx for the reply.  First I should mention that all non-ssl ftp traffic 
works great through the firewall (set up according to FAQ on openbsd site).
 
My setup is:
 
my client - my nat'd OpenBSD - internet - remote ftp-ssl server
 
I don't have any control over the remote server.  The client simply hangs 
saying Connected to server on port 21. Waiting for response
 
I did a tcpdump on the internal nic during a connection attempt from the client:
 
 tcpdump -ttt -n -i vr0 host remote_ip

Sep 23 19:01:51.887070 192.168.1.111.1156 > remote_ip.21: S 34496577:34496577(0) win 8192 mss 1460 (DF)
Sep 23 19:01:51.887122 remote_ip.21 > 192.168.1.111.1156: S 2282047294:2282047294(0) ack 34496578 win 16384 mss 1460
Sep 23 19:01:51.887433 192.168.1.111.1156 > remote_ip.21: . ack 1 win 8760 (DF)
Sep 23 19:02:56.887799 192.168.1.111.1156 > remote_ip.21: F 1:1(0) ack 1 win 8760 (DF)
Sep 23 19:02:56.887840 remote_ip.21 > 192.168.1.111.1156: . ack 2 win 17520

and another on the external nic at the same time:
 
 tcpdump -ttt -n -i fxp0 host remote_ip

 
Sep 23 19:01:51.891462 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166560978 0 (DF)
Sep 23 19:01:57.883262 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166560990 0 (DF)
Sep 23 19:02:09.883267 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166561014 0 (DF)
Sep 23 19:02:33.883268 my_external_ip.63441 > remote_ip.21: S 3772606012:3772606012(0) win 16384 mss 1460,nop,nop,sackOK,nop,wscale 0,nop,nop,timestamp 3166561062 0 (DF)
 
I would appreciate if anyone can help me understand the tcpdump output.  thx
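One way to read the two captures above side by side, as an added example that is not part of the original thread: the script classifies each TCP flow by whether its SYN was ever answered and reports the retransmission gaps. The sample lines are adapted from the post; 198.51.100.10 and 203.0.113.5 are stand-ins for the redacted remote_ip and my_external_ip, and the `>` direction marker of standard tcpdump output is assumed.

```python
import re
from collections import defaultdict

# Sample lines adapted from the post's captures (constructed stand-in
# addresses; TCP options trimmed; ">" direction marker assumed).
INTERNAL = """\
19:01:51.887070 192.168.1.111.1156 > 198.51.100.10.21: S 34496577:34496577(0) win 8192
19:01:51.887122 198.51.100.10.21 > 192.168.1.111.1156: S 2282047294:2282047294(0) ack 34496578 win 16384
19:01:51.887433 192.168.1.111.1156 > 198.51.100.10.21: . ack 1 win 8760
19:02:56.887799 192.168.1.111.1156 > 198.51.100.10.21: F 1:1(0) ack 1 win 8760
"""
EXTERNAL = """\
19:01:51.891462 203.0.113.5.63441 > 198.51.100.10.21: S 3772606012:3772606012(0) win 16384
19:01:57.883262 203.0.113.5.63441 > 198.51.100.10.21: S 3772606012:3772606012(0) win 16384
19:02:09.883267 203.0.113.5.63441 > 198.51.100.10.21: S 3772606012:3772606012(0) win 16384
19:02:33.883268 203.0.113.5.63441 > 198.51.100.10.21: S 3772606012:3772606012(0) win 16384
"""

# time, source, destination, flags field, remainder of the line
LINE = re.compile(r"(\d+):(\d+):([\d.]+) (\S+) > (\S+): (\S+) (.*)")

def summarize(capture):
    """Return {(client, server): {...}} describing each flow's handshake."""
    syns, synacks = defaultdict(list), set()
    for line in capture.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        h, mi, s, src, dst, flags, rest = m.groups()
        t = int(h) * 3600 + int(mi) * 60 + float(s)
        if "S" in flags and " ack " in " " + rest:
            synacks.add((dst, src))      # SYN-ACK travels server -> client
        elif "S" in flags:
            syns[(src, dst)].append(t)   # first SYN or a retransmission
    result = {}
    for flow, times in syns.items():
        gaps = [round(b - a) for a, b in zip(times, times[1:])]
        state = "handshake answered" if flow in synacks else "SYN unanswered"
        result[flow] = {"state": state, "retransmit_gaps": gaps}
    return result

if __name__ == "__main__":
    for name, cap in (("vr0 (internal)", INTERNAL), ("fxp0 (external)", EXTERNAL)):
        print(name, summarize(cap))
```

On this input the internal flow is reported as answered with no retransmissions, while the external flow shows an unanswered SYN resent after 6, 12 and 24 seconds.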