Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] ftp problems :ftp.compaq.com

To: McElroy Richard C <[email protected]>, Firewall One List <[email protected]>
Subject: Re: [FW1] ftp problems :ftp.compaq.com
From: Greg Polanski <[email protected]>
Date: Thu, 21 Sep 2000 14:47:30 -0500
Organization: ADC Telecommunications, Inc.
References: <7152A0116D36D411B74E00805FC725260A6331@COMMS_SVR> <[email protected]>
Sender: [email protected]

To gain access to ftp.compaq.com and ftp.oracle.com,
I had to apply BOTH newline patches to base.def in
FW v4.1, SP2.

The checkpoint support references are

10043.0.9
10043.0.4

nyland# diff -b /etc/fw/lib/base.def.orig /etc/fw/lib/base.def
560c560,563
< #define FTPPORT(match)        (call KFUNC_FTPPORT <0x1|(match)>)
---
> // 28aug2k, g.polanski, suppress mandatory newline based upon
> //    checkpoint FTP to some servers fails (10043.0.413)
> //
> // #define FTPPORT(match)     (call KFUNC_FTPPORT <0x1|(match)>)
565c568
< // #define FTPPORT(match)     (call KFUNC_FTPPORT <(match)>)
---
> #define FTPPORT(match)        (call KFUNC_FTPPORT <(match)>)
567c570,575
< #define FTP_ENFORCE_NL 
---
> // 28aug2k, g.polanski, eliminate definition of FTP_ENFORCE_NL
> // 29aug2k, g.polanski, not effective to ftp.compaq.com, so put back
> // 20sep2k, g.polanski, put comment in front of #define
> //    FTP to specific servers fails (10043.0.982)
> //
> // #define FTP_ENFORCE_NL 



McElroy Richard C wrote:
> 
> We ran into a similar problem trying to FTP through the firewall both
> ways. File size did not matter 110 kb or 50 mb. Our issue was an
> intermittent problem that was fairly hard to replicate. Sometimes it
> would not have a problem sometimes it would. Passive and active didn't
> matter nor did the TCP high ports fix that Checkpoint suggested. We did
> a TCP dump and it seems as if the Firewall as accepting a FIN ACK before
> all of the data was passed through. At first we thought it was a problem
> with the way the FTP servers TCP/IP stacks were configured but alas this
> was not the case the same issue arose when using a SUN server as an FTP
> box. Finally we looked into the inspect code that Checkpoint uses but
> could not track down the issue. I don't know if any of this helps but
> maybe some one actually figured out what was going on.
> 
> Rick
> 


_______________________________________________________________
Greg Polanski                    mailto:[email protected]
ADC Telecommunications, IncMSFAX
PO Box 1pager
Minneapolis, MN  [email protected]
_______________________________________________________________


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] ftp problems
  - From: Tom Heyworth <[email protected]>
- Re: [FW1] ftp problems
  - From: "McElroy Richard C" <[email protected]>

Prev by Date: RE: [FW1] IP pools
Next by Date: [FW1] Secure Remote Deployment
Previous by thread: Re: [FW1] ftp problems
Next by thread: RE: [FW1] ftp problems
Index(es):
- Date
- Thread