proftpd and ppp modem

[mtx]

hello to you all. i have a strange problem connecting from a ppp connection made with an Huawei E220 HSDPA USB modem to one of my ftp servers. ALL other ftp connections to this server are working.
I have 2 server's which have the same proftpd configuration, the difference being that the one which doesn't work is behind a pf firewall and the other one is directly connected to the ISP.
topology:

1.
--internet --- [FreeBSD proftpd]

- the above does work

2.
---internet--- [bridged DSL modem]----[mpd4 + pf]---[FreeBSD ftp]

-this doesn't work
Details about 2. :
[mpd4 + pf]:

Code:

# uname -a
FreeBSD osiris.pilot.lan 6.2-RELEASE-p7 FreeBSD 6.2-RELEASE-p7 #1: Sun Aug  5 15:06:33 EEST 2007     root@osiris.pilot.lan:/usr/obj/usr/src/sys/OSIRIS  i386

- pf snippet with the redirection rule to the [FreeBSD ftp] (DMZ_HOST)

Code:

rdr pass on $EXT_IF proto tcp from any to $EXT_IF port 21 -> <DMZ_HOST> port 21
rdr pass on $EXT_IF proto tcp from any to $EXT_IF port 59000:59100 -> <DMZ_HOST> port 59000:59100

[FreeBSD ftp]:
- no firewall running

Code:

# uname -a
FreeBSD isis 6.2-RELEASE-p6 FreeBSD 6.2-RELEASE-p6 #2: Sun Aug 12 02:12:30 EEST 2007     root@isis:/usr/obj/usr/src/sys/ISIS  i386

I have noticed that the ppp connection receives a private IP (172.16/12 class) and on the server the ftp is accessed from an external IP (the connection is nat-ed through that public IP).
Googling around i found out a directive from proftpd AllowForeignAddress.
Before enabling this on the servers even the 1. server didn't allow connections from that HSDPA modem.
Even though the second one doesn't work. I have tcpdump-ed the connection on the [mpd4+pf] box but no packets get blocked or something.
On the client i have wireshark installed and i will attach the output of that ftp session.
This is all i can think of right now. If more informations are required i'll be glad to provide them.
any hints on where to look further would be nice. thank you.

all the best,
v

[mtx]

digging further:

[mp4+pf] box

Code:

# tcpdump -enqxX -i ng0 host 213.233.102.254
13:50:15.381119 AF IPv4 (2), length 94: 12.34.56.78.21 > 213.233.102.254.39552: P 261:311(50) ack 92 win 65535
        0x0000:  4500 005a afc8 4000 3f06 1e29 597a d74a  E..Z..@.?..)Yz.J
        0x0010:  d5e9 66fe 0015 9a80 f163 810c a16b 59ad  ..f......c...kY.
        0x0020:  5018 ffff c446 0000 3232 3720 456e 7465  P....F..227.Ente
        0x0030:  7269 6e67 2050 6173 7369 7665 204d 6f64  ring.Passive.Mod
        0x0040:  6520 2831 3932 2c31 3638 2c31 2c32 2c32  e.(192,168,1,2,2
        0x0050:  3330 2c31 3331 292e 0d0a                 30,131)...
13:50:15.431110 AF IPv4 (2), length 94: 213.233.102.254.39552 > 12.34.56.78.21: R 92:142(50) ack 261 win 65535
        0x0000:  4500 005a afc8 4000 2806 3529 d5e9 66fe  E..Z..@.(.5)..f.
        0x0010:  597a d74a 9a80 0015 a16b 59ad f163 810c  Yz.J.....kY..c..
        0x0020:  5014 ffff c44a 0000 3232 3720 456e 7465  P....J..227.Ente
        0x0030:  7269 6e67 2050 6173 7369 7665 204d 6f64  ring.Passive.Mod
        0x0040:  6520 2831 3932 2c31 3638 2c31 2c32 2c32  e.(192,168,1,2,2
        0x0050:  3330 2c31 3331 292e 0d0a                 30,131)...

laptop using Huawei HSDPA modem to connect to internet
wireshark output

Code:

No.     Time        Source                Destination           Protocol Info
    378 1336.729664 172.26.58.191         12.34.56.78         FTP      Request: PASV

Frame 378 (50 bytes on wire, 50 bytes captured)
Point-to-Point Protocol
Internet Protocol, Src: 172.26.58.191 (172.26.58.191), Dst: 12.34.56.78 (12.34.56.78)
Transmission Control Protocol, Src Port: 50832 (50832), Dst Port: ftp (21), Seq: 86, Ack: 261, Len: 6
    Source port: 50832 (50832)
    Destination port: ftp (21)
    Sequence number: 86    (relative sequence number)
    [Next sequence number: 92    (relative sequence number)]
    Acknowledgement number: 261    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 65535
    Checksum: 0x232c [correct]
    [SEQ/ACK analysis]
File Transfer Protocol (FTP)
    PASV\r\n
        Request command: PASV

No.     Time        Source                Destination           Protocol Info
    379 1344.295777 172.26.58.191         12.34.56.78         FTP      [TCP Retransmission] Request: PASV

Frame 379 (50 bytes on wire, 50 bytes captured)
Point-to-Point Protocol
Internet Protocol, Src: 172.26.58.191 (172.26.58.191), Dst: 12.34.56.78 (12.34.56.78)
Transmission Control Protocol, Src Port: 50832 (50832), Dst Port: ftp (21), Seq: 86, Ack: 261, Len: 6
    Source port: 50832 (50832)
    Destination port: ftp (21)
    Sequence number: 86    (relative sequence number)
    [Next sequence number: 92    (relative sequence number)]
    Acknowledgement number: 261    (relative ack number)
    Header length: 20 bytes
    Flags: 0x18 (PSH, ACK)
    Window size: 65535
    Checksum: 0x232c [correct]
    [SEQ/ACK analysis]
File Transfer Protocol (FTP)
    PASV\r\n
        Request command: PASV

these are the last two packets where the connection gets closed by the client.
As i can see the server replies to the client with the PASV port (first packet from [mpd4+pf] box) and the client sends a RESET. do you guys have any idea why is this happening. any hint?!
thank you

all the best,
v

[letgo]

Hi,

How do you get your Huawei E220 to work on your laptop. Up to-date, I am not able to find a solution. That's what prevent me from installing FreeBSD. Presently, using Linux.

Appreciate if you can share with me your solution. Thanks.

[mtx]

Quote:

How do you get your Huawei E220 to work on your laptop. Up to-date, I am not able to find a solution.

my laptop is running OS X. i don't know if there are driver for that particular modem on BSD.

/v