Chris Adams wrote:
Okay, I've got an odd one, and I'm hoping a kernel developer can at least point me in the right direction.
I've got a Linux box (Fedora Core 5 and kernel 2.6.17-1.2174_FC5), sitting behind a Juniper J2300 router (running JUNOS 7.3R2.6), attempting to FTP to an Alphaserver running Tru64 (5.1B or 4.0G).
With that combination and a stateful firewall enabled on the Juniper, I do not get the FTP banner when I open an FTP connection. The connection just sits there. This is not the traditional FTP problems (active vs. passive, reverse DNS lookup, authentication, etc.).
If I downgrade my Linux box to the FC5 release kernel (2.6.15-1.2054_FC5), it works fine. If I upgrade to the rawhide kernel (2.6.17-1.2583.fc6), it does not work.
Any other combination of OSes works (FTP from WinXP to Tru64, FTP from Linux to Linux or Windows). An FC4 client with a (IIRC) 2.6.16 kernel also works to Tru64.
Now, this appears to be a Juniper JUNOS bug (and our Juniper SE is going to open a case), but what could have changed between Linux kernels 2.6.15 and 2.6.17 that would trigger it? I'm hoping to narrow this down somehow to help Juniper find the problem.
I would compare the output of "cat /proc/sys/net/ipv4/*" on 2.6.15-1.2054 and 2.6.17-1.2174 with diff. Then try configuring 2.6.17-1.2174 like 2.6.15-1.2054 and see if it helps.
Also I would advocate being careful running older kernels. I recently had a client who's server was running a kernel two or three versions behind 2.6.17-1.2174, and a local exploit to attain root access was used. It is a known issue and was fixed in the next kernel, but he hadn't updated.