Tugger the SLUGger! SLUG Mailing List Archives

RE: [SLUG] FW: FTP NAT/Conntrack problems

Luke's last post cc: slug about this :-)

> > I say NO to the claim that I did not research what I wrote fully. I
> > just spent the last day researching this topic trying to find out
> > why some ftp sites didn't work with our implementation of netfilter
> > + nat. Tested a hypothesis and found out it was correct from the
> > developers on the netfilter mailing list. Then I suggested a fix -
> > only to find out it already existed 5 minutes ago.
> Well, if you had actually read the Netfilter website, you would have
> found the security advisory that resulted in the patch, and details
> about it.

The security advisory doesn't say in English (though it does illustrate the inner workings of files relating to connection tracking in the proc filesystem) that could have given an answer to this problem.

I did read the security advisory document and again you didn't research your reply. My first posting had a link to that document in it.

You are wrong about the patch changing the behaviour of conntrack ftp in netfilter. It has always had this behaviour due to incoming ftp data connections. Do your code hacking to confirm that if you must. See the netfilter list, which no doubt you must be on; sometimes it's easier.

No more FLAMING to the SLUG list. Please let go and do it privately :-)

> > Well I could have hacked / looked at the code but seeing I'm not an
> > elitist or a big code hacker like yourself I just did a couple of
> > postings to the netfilter-users mailing list. Just calm down and
> > stop flaming fellow Linux "users" - if you don't find them fellow
> > you don't need to tell the whole world that.
> Since you're not a `big code hacker', you should have been the last
> person to make such an `advisory post'.  Leave it to the people who
> know what they're doing.

Not to criticise anyone, but the post to the netfilter list in follow up to my comments in it had the modules for ftp nat names mixed up. I mean everyone makes mistakes.
Did I go out and slag the developer who I won't name for making an honest mistake? Or should one just breathe a sigh of relief and let it go :-)

> > I didn't go on bragging that Winroute Pro works and Linux doesn't
> > didn't I?  so I don't deserve a hiding from you ;_) or any other
> > Linux users I tried to help with this tip that I found in my travels
> > and experience :-).
> Oh yes you did.  I don't care which camp you come from, if you post
> crap, I will comment.

Because you must have the last word. We have all seen that :-)
See comment above. Look, there is an uncorrected mistake in the netfilter-mailing list about which module takes the loose=1 option. Maybe you should forward my second email about this SLUG list about it to fix it up there. Are you obsessive compulsive?

> > If you're not happy being on a linux USERS list nobody is forcing you
> > to stay subscribed to it. Yes most linux users should hack the code
> > and contribute and not RELY on other people's time for support but it
> > doesn't say anywhere that linux users have to be code
> > hackers. Ignorance is bliss (till I go to Uni next year at least :-)
> Ah, this explains it!  Another kiddy wannabe.  Maybe you'll have a
> clue in a few more years.

Hahaha I've been lurking on the slug mailing list on and off since 95/96. Grow up. Now you are resorting to personal comments.  Keep it off the mailing list, it only reflects back on you. Call me and abuse me if you must :-)

Luke McKee
Network Administrator,
Customer Systems Support
Webpay, Secure Digital Commerce
Webtel Pty Ltd
Ph:  +61 2 9921 1234
Fax: +61 2 9923 1700
Web: http://www.webpay.com.au