[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] PASV FTP problem
We are having a problem with clients coming into our FTP server getting hung on ftp sessions using any browser. We are running CheckPoint 4.0 SP7 on Sun 2.6 with the latest patches. After applying several of the ftp fixes, the High Port TCP Services and FTP, the FTPPORT match solution and the FTP_ENFORCE_NL, all of which I found on Phoneyboy and CheckPoints sites, we are still having a problem. When I do a snoop on the firewall after double-clicking the file, I get this: 10.10.10.9 -> 11.11.11.99 FTP R port=59235 220 dtwebftp02 Micro 11.11.11.99 -> 10.10.10.9 FTP C port=59235 USER anonymous\r\n 10.10.10.9 -> 11.11.11.99 FTP R port=59235 331 Anonymous access 11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASS IE40user@\r\n 10.10.10.9 -> 11.11.11.99 FTP R port=59235 230 Anonymous user l 11.11.11.99 -> 10.10.10.9 FTP C port=59235 TYPE I\r\n 10.10.10.9 -> 11.11.11.99 FTP R port=59235 200 Type set to I.\r\n 11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASV\r\n 10.10.10.9 -> 11.11.11.99 FTP R port=59235 227 Entering Passive And it just hangs there. But a right click gives me this: 11.11.11.99 -> 10.10.10.9 FTP C port=59220 noop\r\n 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 NOOP command suc 11.11.11.99 -> 10.10.10.9 FTP C port=59220 CWD /trial/\r\n 10.10.10.9 -> 11.11.11.99 FTP R port=59220 250 CWD command succ 11.11.11.99 -> 10.10.10.9 FTP C port=59220 TYPE I\r\n 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 Type set to I.\r\n 11.11.11.99 -> 10.10.10.9 FTP C port=59220 PORT 207,70,91,65,23 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 PORT command suc 11.11.11.99 -> 10.10.10.9 FTP C port=59220 SIZE dto2kt.exe\r\n 10.10.10.9 -> 11.11.11.99 FTP R port=8688\r\n 11.11.11.99 -> 10.10.10.9 FTP C port=59220 RETR dto2kt.exe\r\n 10.10.10.9 -> 11.11.11.99 FTP R port=59220 150 Opening BINARY m And the file will download Does anyone have any other issues with pasv ftp? It is enabled in the policy properties. Any help would be greatly appreciated. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|