--===============2009870344==
Content-Type: multipart/alternative;
boundary="----=_Part_3395_33397656.1210081680968"

------=_Part_3395_33397656.1210081680968
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Hello to you all,
Last week i've begun to have problem with an HUAWEI E220 HSDPA modem
when connecting to proftpd server. First thing i want to mention is that the
thing
that i'll describe here only happens when i connect from that modem.
First of all the topology of the servers:

ISP----[bridged modem]-----[FreeBSD mpd4+pf]----[FreeBSD proftpd]

the pf rules that redirect traffic to proftpd:

rdr pass on $EXT_IF proto tcp from any to $EXT_IF port 21 -> port
21
rdr pass on $EXT_IF proto tcp from any to $EXT_IF port 59000:59100 ->
port 59000:59100

DMZ_HOST (192.168.1.2) being the FreeBSD 6.2-RELEASEp6 box that runs -
ProFTPD Version 1.3.1
no firewall running on DMZ_HOST

here is the relevant ouput that the server gives when the ftp session is
closed:

12.34.56.78 (213.233.102.254[213.233.102.254]) - Entering Passive Mode
(192,168,1,2,230,167).
12.34.56.78 (213.233.102.254[213.233.102.254]) - dispatching POST_CMD
command 'PASV' to mod_sql
12.34.56.78 (213.233.102.254[213.233.102.254]) - dispatching LOG_CMD command
'PASV' to mod_sql
12.34.56.78 (213.233.102.254[213.233.102.254]) - dispatching LOG_CMD command
'PASV' to mod_log
12.34.56.78 (213.233.102.254[213.233.102.254]) - FTP session closed.

tcpdump output from the [mpd4+pf] box:

14:04:58.299572 AF IPv4 (2), length 94: 12.34.56.78.21 >
213.233.102.254.40437: P 261:311(50) ack 92 win 65535
0x0000: 4500 005a be9c 4000 3f06 0f55 597a d74a E..Z..@.?..UYz.J
0x0010: d5e9 66fe 0015 9df5 2ded 1879 01dc 346b ..f.....-..y..4k
0x0020: 5018 ffff aea7 0000 3232 3720 456e 7465 P.......227.Ente
0x0030: 7269 6e67 2050 6173 7369 7665 204d 6f64 ring.Passive.Mod
0x0040: 6520 2831 3932 2c31 3638 2c31 2c32 2c32 e.(192,168,1,2,2
0x0050: 3330 2c31 3637 292e 0d0a
30,167)...
14:04:58.348823 AF IPv4 (2), length 94: 213.233.102.254.40437 >
12.34.56.78.21: R 92:142(50) ack 261 win 65535
0x0000: 4500 005a be9c 4000 2806 2655 d5e9 66fe E..Z..@.(.&U..f.
0x0010: 597a d74a 9df5 0015 01dc 346b 2ded 1879 Yz.J......4k-..y
0x0020: 5014 ffff aeab 0000 3232 3720 456e 7465 P.......227.Ente
0x0030: 7269 6e67 2050 6173 7369 7665 204d 6f64 ring.Passive.Mod
0x0040: 6520 2831 3932 2c31 3638 2c31 2c32 2c32 e.(192,168,1,2,2
0x0050: 3330 2c31 3637 292e 0d0a
30,167)...

The last snippet from tcpdump shows (as far as i know) that the huawei modem
sends an R
and that the server (before) that reset sends the PASV port answer. If i am
not right please correct me.
The ppp connection made from the modem receives an ip from 172.16/12
private class which gets
nat-ed to the 213.* ip from the logs. If it matters the modem is from
Vodafone.
I will attach the proftpd config file. Any hints to dig further are more
than welcomed.
Thank you.

PS: the 12.34.56.78 ip is bogus to protect my server's identity, everything
else is copy paste from
server output.

--
Kind Regards,

val

www.syk.ro
www.spreadbsd.org/aff/86/1
www.spreadbsd.org/aff/86/2

------=_Part_3395_33397656.1210081680968
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

 Hello to you all,
 Last week i've begun to have problem with an HUAWEI E220 HSDPA modem
when connecting to proftpd server. First thing i want to mention is that the thing
that i'll describe here only happens when i connect from that modem.

 First of all the topology of the servers:

ISP----[bridged modem]-----[FreeBSD mpd4+pf]----[FreeBSD proftpd]

the pf rules that redirect traffic to proftpd:

rdr pass on $EXT_IF proto tcp from any to $EXT_IF port 21 -> <DMZ_HOST> port 21

rdr pass on $EXT_IF proto tcp from any to $EXT_IF port 59000:59100 -> <DMZ_HOST> port 59000:59100

DMZ_HOST (192.168.1.2) being the FreeBSD 6.2-RELEASEp6 box that runs - ProFTPD Version 1.3.1

no firewall running on DMZ_HOST

here is the relevant ouput that the server gives when the ftp session is closed:

12.34.56.78 (213.233.102.254[213.233.102.254]) - Entering Passive Mode (192,168,1,2,230,167).

12.34.56.78 (213.233.102.254[213.233.102.254]) - dispatching POST_CMD command 'PASV' to mod_sql
12.34.56.78 (213.233.102.254[213.233.102.254]) - dispatching LOG_CMD command 'PASV' to mod_sql

12.34.56.78 (213.233.102.254[213.233.102.254]) - dispatching LOG_CMD command 'PASV' to mod_log
12.34.56.78 (213.233.102.254[213.233.102.254]) - FTP session closed.


tcpdump output from the [mpd4+pf] box:

14:04:58.299572 AF IPv4 (2), length 94: 12.34.56.78.21 > 213.233.102.254.40437: P 261:311(50) ack 92 win 65535
        0x0000:  4500 005a be9c 4000 3f06 0f55 597a d74a  E..Z..@.?..UYz.J

        0x0010:  d5e9 66fe 0015 9df5 2ded 1879 01dc 346b  ..f.....-..y..4k
        0x0020:  5018 ffff aea7 0000 3232 3720 456e 7465    P.......227.Ente
        0x0030:  7269 6e67 2050 6173 7369 7665 204d 6f64  ring.Passive.Mod

        0x0040:  6520 2831 3932 2c31 3638 2c31 2c32 2c32  e.(192,168,1,2,2
        0x0050:  3330 2c31 3637 292e 0d0a                            30,167)...
14:04:58.348823 AF IPv4 (2), length 94: 213.233.102.254.40437 > 12.34.56.78.21: R 92:142(50) ack 261 win 65535

        0x0000:  4500 005a be9c 4000 2806 2655 d5e9 66fe  E..Z..@.(.&U..f.
        0x0010:  597a d74a 9df5 0015 01dc 346b 2ded 1879  Yz.J......4k-..y
        0x0020:  5014 ffff aeab 0000 3232 3720 456e 7465    P.......227.Ente

        0x0030:  7269 6e67 2050 6173 7369 7665 204d 6f64  ring.Passive.Mod
        0x0040:  6520 2831 3932 2c31 3638 2c31 2c32 2c32  e.(192,168,1,2,2
        0x0050:  3330 2c31 3637 292e 0d0a                            30,167)...


The last snippet from tcpdump shows (as far as i know) that the huawei modem sends an R
and that the server (before) that reset sends the PASV port answer. If i am not right please correct me.
  The ppp connection made from the modem receives an ip from 172.16/12 private class which gets

nat-ed to the 213.* ip from the logs. If it matters the modem is from Vodafone.
 I will attach the proftpd config file. Any hints to dig further are more than welcomed.
Thank you.

PS: the 12.34.56.78 ip is bogus to protect my server's identity, everything else is copy paste from

server output.

--
Kind Regards,

val

www.syk.ro
www.spreadbsd.org/aff/86/1
www.spreadbsd.org/aff/86/2





------=_Part_3395_33397656.1210081680968--


--===============2009870344==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

-------------------------------------------------------------------------
This SF.net email is sponsored by the 2008 JavaOne(SM) Conference
Don't miss this year's exciting event. There's still time to save $100.
Use priority code J8TL2D2.
http://ad.doubleclick.net/clk;198757...un.com/javaone
--===============2009870344==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
ProFTPD Users List
Unsubscribe problems?
http://www.proftpd.org/list-unsub.html
--===============2009870344==--