Fixed the bug that prevented communication with FTP servers behind

NAT in extended passive mode if the server's public IP address was
different from the main NAT address.  This caused a wrong aliasing
link to be created that did not route the incoming packets back to
the original IP address of the server.

	natd -v -n pub0 -redirect_address localFTP publicFTP

Note that even if localFTP == publicFTP, one still needs to supply
the -redirect_address directive.  It is needed as a helper because
extended passive mode's 229 reply does not contain the IP address.

MFC after:	1 week

1 files changed, 4 insertions, 3 deletions

diff --git a/lib/libalias/alias_ftp.c b/lib/libalias/alias_ftp.c
index 7dee3f8bc62c..7e51e73d2f3c 100644
--- a/lib/libalias/alias_ftp.c
+++ b/lib/libalias/alias_ftp.c
@@ -145,8 +145,10 @@ int maxpacketsize  /* The maximum size this packet can grow to (including header
  */
 	    if (ParseFtp227Reply(sptr, dlen))
 		ftp_message_type = FTP_227_REPLY;
-	    else if (ParseFtp229Reply(sptr, dlen))
+	    else if (ParseFtp229Reply(sptr, dlen)) {
 		ftp_message_type = FTP_229_REPLY;
+		true_addr.s_addr = pip->ip_src.s_addr;
+	    }
 	}
 
 	if (ftp_message_type != FTP_UNKNOWN_MESSAGE)
@@ -464,8 +466,7 @@ NewFtpMessage(struct ip *pip,
     struct alias_link *ftp_link;
 
 /* Security checks. */
-    if (ftp_message_type != FTP_229_REPLY &&
-	pip->ip_src.s_addr != true_addr.s_addr)
+    if (pip->ip_src.s_addr != true_addr.s_addr)
 	return;
 
     if (true_port < IPPORT_RESERVED)