It looks like the update to 24.7.0 breaks EPSV. This was discovered because the pf proxy:ftp test started failing: https://ci.freebsd.org/job/FreeBSD-main-amd64-test/25597/testReport/sys.netpfil.pf/proxy/ftp/ I've confirmed this isn't a pf issue, both by reverting freebsd to a version from February (which still fails this test, but didn't at the time), and by running a very simple setup without pf loaded, `twistd -n --logfile=-ftp -r /tmp -p 21` and `ftp -a 127.0.0.1` (with ‘get file’). Disabling EPSV (by using 'epsv' in the ftp client) allows the transfer to succeed. Without that I see: > 229 Entering Extended Passive Mode (|||46490|). > ftp: Can't connect to `127.0.0.1:46490': Connection refused It looks like twistd was listening on a different port for the data connection.
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=9cd6ab45a44607ea862c8bbb2ebaa8a7521178ff commit 9cd6ab45a44607ea862c8bbb2ebaa8a7521178ff Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-10-17 08:17:10 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-10-17 08:17:10 +0000 pf tests: disable epsv for the ftp proxy test The update to py-twisted 24.7.0 broke EPSV mode in twisted's ftp server. Work around this by disabling EPSV (and thus using PASV). PR: 282154 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") tests/sys/netpfil/pf/proxy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=667fd3bf5729a3efbbeabe1d52599072f69ec38f commit 667fd3bf5729a3efbbeabe1d52599072f69ec38f Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-10-17 08:17:10 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-10-21 07:34:49 +0000 pf tests: disable epsv for the ftp proxy test The update to py-twisted 24.7.0 broke EPSV mode in twisted's ftp server. Work around this by disabling EPSV (and thus using PASV). PR: 282154 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 9cd6ab45a44607ea862c8bbb2ebaa8a7521178ff) tests/sys/netpfil/pf/proxy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=df88800a03fbd5540d6862d1bbc2947c1abea2e0 commit df88800a03fbd5540d6862d1bbc2947c1abea2e0 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-10-17 08:17:10 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-10-21 12:51:36 +0000 pf tests: disable epsv for the ftp proxy test The update to py-twisted 24.7.0 broke EPSV mode in twisted's ftp server. Work around this by disabling EPSV (and thus using PASV). PR: 282154 MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") (cherry picked from commit 9cd6ab45a44607ea862c8bbb2ebaa8a7521178ff) tests/sys/netpfil/pf/proxy.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)