Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] PASV FTP problem

To: "DeFrain, Sue" <[email protected]>, [email protected]
Subject: Re: [FW1] PASV FTP problem
From: Peter Goodridge <[email protected]>
Date: Fri, 13 Oct 2000 10:39:55 -0700 (PDT)
Sender: [email protected]

Hi Sue,

Bizarre as it sounds I've had good luck fixing pasv
FTP by disabling it in policy properties.  It seems to
be better now that I'm on 4.1 sp2.

HTH,
Pete Goodridge

--- "DeFrain, Sue" <[email protected]> wrote:
> 
> We are having a problem with clients coming into our
> FTP server getting hung
> on ftp sessions using any browser.  We are running
> CheckPoint 4.0 SP7 on Sun
> 2.6 with the latest patches.  After applying several
> of the ftp fixes, the
> High Port TCP Services and FTP, the FTPPORT match
> solution and the
> FTP_ENFORCE_NL, all of which I found on Phoneyboy
> and CheckPoints sites, we
> are still having a problem.
> 
> When I do a snoop on the firewall after
> double-clicking the file, I get
> this:
> 10.10.10.9 -> 11.11.11.99 FTP R port=59235 220
> dtwebftp02 Micro
> 11.11.11.99 -> 10.10.10.9 FTP C port=59235 USER
> anonymous\r\n
> 10.10.10.9 -> 11.11.11.99 FTP R port=59235 331
> Anonymous access
> 11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASS
> IE40user@\r\n
> 10.10.10.9 -> 11.11.11.99 FTP R port=59235 230
> Anonymous user l
> 11.11.11.99 -> 10.10.10.9 FTP C port=59235 TYPE
> I\r\n
> 10.10.10.9 -> 11.11.11.99 FTP R port=59235 200 Type
> set to I.\r\n
> 11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASV\r\n
> 10.10.10.9 -> 11.11.11.99 FTP R port=59235 227
> Entering Passive
> 
> And it just hangs there.  But a right click gives me
> this:
> 
> 11.11.11.99 -> 10.10.10.9 FTP C port=59220 noop\r\n
> 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 NOOP
> command suc
> 11.11.11.99 -> 10.10.10.9 FTP C port=59220 CWD
> /trial/\r\n
> 10.10.10.9 -> 11.11.11.99 FTP R port=59220 250 CWD
> command succ
> 11.11.11.99 -> 10.10.10.9 FTP C port=59220 TYPE
> I\r\n
> 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 Type
> set to I.\r\n
> 11.11.11.99 -> 10.10.10.9 FTP C port=59220 PORT
> 207,70,91,65,23
> 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 PORT
> command suc
> 11.11.11.99 -> 10.10.10.9 FTP C port=59220 SIZE
> dto2kt.exe\r\n
> 10.10.10.9 -> 11.11.11.99 FTP R port=59220 213
> 11378688\r\n
> 11.11.11.99 -> 10.10.10.9 FTP C port=59220 RETR
> dto2kt.exe\r\n
> 10.10.10.9 -> 11.11.11.99 FTP R port=59220 150
> Opening BINARY m
> 
> And the file will download
> 
> Does anyone have any other issues with pasv ftp?  It
> is enabled in the
> policy properties.
> 
> Any help would be greatly appreciated.
> 
> 
>
================================================================================
>      To unsubscribe from this mailing list, please
> see the instructions at
>               
> http://www.checkpoint.com/services/mailing.html
>
================================================================================



__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
http://mail.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Remote Access for Staff.
Next by Date: Re:RE: [FW1] Remote Access for Staff.
Previous by thread: [FW1] PASV FTP problem
Next by thread: Re: [FW1] PASV FTP problem
Index(es):
- Date
- Thread