Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] ftp problems

To: Tom Heyworth <[email protected]>
Subject: Re: [FW1] ftp problems
From: "McElroy Richard C" <[email protected]>
Date: Wed, 20 Sep 2000 13:11:26 -0700
Cc: "Fw-1-Mailinglist (E-mail)" <[email protected]>
Organization: BAH
References: <7152A0116D36D411B74E00805FC725260A6331@COMMS_SVR>
Sender: [email protected]

We ran into a similar problem trying to FTP through the firewall both
ways. File size did not matter 110 kb or 50 mb. Our issue was an
intermittent problem that was fairly hard to replicate. Sometimes it
would not have a problem sometimes it would. Passive and active didn't
matter nor did the TCP high ports fix that Checkpoint suggested. We did
a TCP dump and it seems as if the Firewall as accepting a FIN ACK before
all of the data was passed through. At first we thought it was a problem
with the way the FTP servers TCP/IP stacks were configured but alas this
was not the case the same issue arose when using a SUN server as an FTP
box. Finally we looked into the inspect code that Checkpoint uses but
could not track down the issue. I don't know if any of this helps but
maybe some one actually figured out what was going on.

Rick

Tom Heyworth wrote:
> 
> Hi, i'm having problems with ftp connections to some ftp sites
> (ftp.compaq.com   ftp.barrysworld.com for instance) from behind my firewall
> (Firewall-1 4.1 on Redhat 6.2) i'm not blocking anything specific except all
> connections to the firewall it's self. I have checked the log to see if
> anything is getting denied, theres not. I have put the firewall ip in the
> DNS to see if this makes any difference - it doesn't. Has anyone got any
> ideas why this is happening and how to 'fix' it? or is it just my firewall?
> (try ftp'ing to ftp.compaq.com)
> 
> thanks
> 
> Tom Heyworth
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

-- 
Rick McElroy		
Booz·Allen & Hamilton
1615 Murray Canyon Road
Suite 220
San Diego, CA 92108================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- Re: [FW1] ftp problems :ftp.compaq.com
  - From: Greg Polanski <[email protected]>

References:
- [FW1] ftp problems
  - From: Tom Heyworth <[email protected]>

Prev by Date: Re: [FW1] Tracking users
Next by Date: RE: [FW1] How to add one more NT server to the firewall
Previous by thread: [FW1] ftp problems
Next by thread: Re: [FW1] ftp problems :ftp.compaq.com
Index(es):
- Date
- Thread