NetBSD Problem Report #35225
From perry@piermont.com Sun Dec 10 04:37:01 2006
Return-Path: <perry@piermont.com>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
by narn.NetBSD.org (Postfix) with ESMTP id 6802463BA6D
for <gnats-bugs@gnats.NetBSD.org>; Sun, 10 Dec 2006 04:37:01 +0000 (UTC)
Message-Id: <20061210043659.B33D278B608@hackworth.piermont.com>
Date: Sat, 9 Dec 2006 23:36:59 -0500 (EST)
From: perry@piermont.com
Reply-To: perry@piermont.com
To: gnats-bugs@NetBSD.org
Subject: there is no automation in rc.d for ftp-proxy(8)
X-Send-Pr-Version: 3.95
>Number: 35225
>Category: misc
>Synopsis: there is no automation in rc.d for ftp-proxy(8)
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: dholland
>State: open
>Class: sw-bug
>Submitter-Id: net
>Arrival-Date: Sun Dec 10 04:40:01 +0000 2006
>Closed-Date:
>Last-Modified: Sun Feb 28 22:15:21 +0000 2010
>Originator: Perry E. Metzger
>Release: NetBSD 4.99.3
>Organization:
Perry E. Metzger perry@piermont.com
--
"Ask not what your country can force other people to do for you..."
>Environment:
System: NetBSD hackworth 4.99.3 NetBSD 4.99.3 (HACKWORTH) #0: Fri Oct 27 14:05:48 EDT 2006 perry@hackworth:/usr/obj/sys/arch/i386/compile/HACKWORTH i386
Architecture: i386
Machine: i386
>Description:
Our rc.d machinery doesn't include support needed to start the
ftp-proxy(8) daemon, which is needed for pf based NATs.
>How-To-Repeat:
>Fix:
Add the needed machinery, perhaps to a new file, /etc/rc.d/ftp-proxy
>Release-Note:
>Audit-Trail:
From: Juan RP <juan@xtrarom.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: misc/35225: there is no automation in rc.d for ftp-proxy(8)
Date: Sun, 10 Dec 2006 05:46:25 +0100
On Sunday 10 December 2006 05:40, perry@piermont.com wrote:
> >Description:
>
> Our rc.d machinery doesn't include support needed to start the
> ftp-proxy(8) daemon, which is needed for pf based NATs.
ftp-proxy(8) clearly mentions that it needs to be started via
inetd:
    ftp-proxy is run from inetd(8) and requires that FTP connections are
    redirected to it using a rdr rule. A typical way to do this would be to
    use either an ipnat rule such as

        int_if = "xl0";
        rdr $int_if 0/0 port 21 -> 127.0.0.1 port 8021 tcp

    or a pf.conf(5) rule such as

        int_if = "xl0"
        rdr pass on $int_if proto tcp from any to any port 21 -> 127.0.0.1 port 8021

    inetd(8) must then be configured to run ftp-proxy on the port from above
    using

        127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -[ip]

    in inetd.conf(5).
I don't see the point of your PR.
--
http://plog.xtrarom.org/
Juan RP's blog - NetBSD/pkgsrc news in Spanish
From: "Perry E. Metzger" <perry@piermont.com>
To: gnats-bugs@NetBSD.org
Cc: misc-bug-people@netbsd.org, gnats-admin@netbsd.org,
netbsd-bugs@netbsd.org
Subject: Re: misc/35225: there is no automation in rc.d for ftp-proxy(8)
Date: Wed, 13 Dec 2006 11:34:43 -0500
Juan RP <juan@xtrarom.org> writes:
> ftp-proxy(8) clearly mentions that it needs to be started via
> inetd:
[...]
> I don't see the point of your PR.
We don't have the program in our inetd.conf file either.
Perry
From: "matthew sporleder" <msporleder@gmail.com>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: misc/35225
Date: Tue, 22 Jan 2008 18:20:49 -0500
--- inetd.conf.orig 2008-01-22 18:11:59.000000000 -0500
+++ inetd.conf 2008-01-22 18:19:43.000000000 -0500
@@ -84,3 +84,7 @@
#walld/1 dgram rpc/udp wait nobody:tty /usr/libexec/rpc.rwalld rpc.rwalld
#sprayd/1 dgram rpc/udp wait nobody /usr/libexec/rpc.sprayd rpc.sprayd
#rquotad/1-2 dgram rpc/udp wait root /usr/libexec/rpc.rquotad rpc.rquotad
+#
+# Filter Support services
+#
+#127.0.0.1:8021 stream tcp nowait root /usr/libexec/ftp-proxy ftp-proxy -[ip]
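Review bot: the added entry ends in `ftp-proxy -[ip]`, which reads as the man page's either/or notation rather than an argument that can be passed as written, so an administrator who simply uncomments the line does not get a working configuration. Consider shipping two commented alternatives (one with `-i`, one with `-p`) or a comment line saying which flag goes with which filter. The "Filter Support services" comment block also does not mention that the entry is only useful together with an rdr rule redirecting port 21 to 127.0.0.1 port 8021; a one-line pointer to ftp-proxy(8) would cover that. Because the service runs as root, it is worth a comment that the `127.0.0.1:` bind address should be kept when the port is changed.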
From: David Holland <dholland-bugs@netbsd.org>
To: gnats-bugs@netbsd.org
Cc:
Subject: Re: misc/35225: there is no automation in rc.d for ftp-proxy(8)
Date: Sat, 8 Mar 2008 19:08:02 +0000
The problem with putting a canned line in the standard inetd.conf is
that there's not a canonical way to invoke ftp-proxy. The options
depend on the details of the setup, and the port number isn't standard
either.
In an ideal world perhaps ftp-proxy would be able to find this out for
itself, but there are problems with that too: someone might
legitimately want to run multiple copies (e.g., one for outgoing ftp,
one for incoming ftp to an ftp server kept behind a NAT for safety) and
it's far from clear exactly how that should be arranged.
If anyone has any brilliant ideas, or patches, please send them along;
in the meantime, I'm going to mark this suspended.
--
David A. Holland
dholland@netbsd.org
State-Changed-From-To: open->suspended
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sat, 08 Mar 2008 19:40:33 +0000
State-Changed-Why:
Not fixable without major rework of network and filter configuration, which
is not likely forthcoming. (But we can hope...)
From: matthew sporleder <msporleder@gmail.com>
To: gnats-bugs@netbsd.org, gnats-admin@netbsd.org
Cc:
Subject: Re: misc/35225
Date: Mon, 22 Feb 2010 08:46:50 -0500
There is now /etc/rc.d/ftp_proxy, but it doesn't seem to be documented
anywhere. Is this now the preferred method?
From: "Perry E. Metzger" <perry@piermont.com>
To: gnats-bugs@NetBSD.org, msporleder@gmail.com
Cc: misc-bug-people@netbsd.org, gnats-admin@netbsd.org, netbsd-bugs@netbsd.org
Subject: Re: misc/35225
Date: Mon, 22 Feb 2010 14:02:26 -0500
matthew sporleder <msporleder@gmail.com> writes:
> There is now /etc/rc.d/ftp_proxy, but it doesn't seem to be documented
> anywhere. Is this now the preferred method?
The existence of the file (added in 2008) largely fixes the PR, though
I'm not sure what should be done about documentation.
--
Perry E. Metzger perry@piermont.com
Responsible-Changed-From-To: misc-bug-people->dholland
Responsible-Changed-By: dholland@NetBSD.org
Responsible-Changed-When: Sun, 28 Feb 2010 22:15:21 +0000
Responsible-Changed-Why:
I will have a look...
State-Changed-From-To: suspended->open
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Sun, 28 Feb 2010 22:15:21 +0000
State-Changed-Why:
Situation's changed.
>Unformatted: