(Illustration by Gaich Muramatsu)
Jan has been helping me with this off-list. I figured out most of what was going on after getting hints on debug levels, and Jan provided a patch that fixed the problem. The quick summary for the list: There was an rpc2 bug where a rpc2 client that isn't "masqueraded" (such as codasrv) does not follow the masquerading rules when initiating an SFTP transfer to a masquerading client (such as venus). This happened when the server did a backfetch to get the file contents for a store during reintegration. In my case, I have IPsec SPD entries and firewall rules that limit traffic to what ought to be happening, and this traffic coming from the server's port 2433 didn't match and was blocked (by local policy, I require clients to be set up to masquerade). For various reasons I didn't notice that a firewall was dropping packets (sorry Jan - this would have been easier had I noticed promptly!). Jan committed a fix to CVS (in rpc2) so the reverse masquerading happens right. With that on the server, I can reintegrate just fine over a 28.8 modem (with the restrictive SPD and firewall rules in place). Greg Troxel <gdt_at_ir.bbn.com>Received on 2001-09-22 09:59:17