On Fri, 14 Dec 2007 23:22:22 +0100, Max Laier <max_at_love2party.net> wrote:
>
> from src/UPDATING:
>
> 20070702:
> The packet filter (pf) code has been updated to OpenBSD 4.1 Please
> note the changed syntax - keep state is now on by default. Also
> note the fact that ftp-proxy(8) has been changed from bottom up and
> has been moved from libexec to usr/sbin. Changes in the ALTQ
> handling also affect users of IPFW's ALTQ capabilities.
>
> I'm afraid it hasn't made its way to the Release notes, yet.
>
> The ftp-proxy(8) manpage provides configuration examples and details.
>

Ah, I have found the problem. Admittedly, I was under the impression that the proxy host here had been upgraded to 7.0; this turns out to be not the case. The ftp-proxy host in question is one of the few here that has not yet been upgraded from 6.2 to 7.0. It is therefore still running the OpenBSD 3.7-derived ftp-proxy.

A bunch of desk/laptops here have recently been upgraded to 7.0 and with that came recent versions of firefox. I gather that a change in firefox documented here:

http://www.mozilla.org/security/announce/2007/mfsa2007-11.html

no longer permits the behavior of ftp-proxy in changing the data port, making recent versions of firefox incompatible with the old ftp-proxy. That's why firefox appeared to stop working.

I do see that the ftp-proxy on 7.0 has been changed and that the man page does look rather like the one for pftpx, so I now see that what you're saying, Max, looks right.

The problem I ran into, that of having new 7.0 desktops and recent versions of tools like firefox, together with a 6.x firewall/proxy host, may be a situation others run into over the next few weeks. Perhaps it's worth posting a heads up to stable_at_ once 7.0 is released, explaining that folks still using 6.x on a firewall/proxy will need to replace ftp-proxy with ftp/pftpx, and then go back to ftp-proxy when they upgrade the firewall/proxy host to 7.x.

I had seen the note in UPDATING, but that note does not mention the breakage with firefox or what the solution is.

-jr