[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] PASV FTP problem
Hi Sue, Bizarre as it sounds I've had good luck fixing pasv FTP by disabling it in policy properties. It seems to be better now that I'm on 4.1 sp2. HTH, Pete Goodridge --- "DeFrain, Sue" <[email protected]> wrote: > > We are having a problem with clients coming into our > FTP server getting hung > on ftp sessions using any browser. We are running > CheckPoint 4.0 SP7 on Sun > 2.6 with the latest patches. After applying several > of the ftp fixes, the > High Port TCP Services and FTP, the FTPPORT match > solution and the > FTP_ENFORCE_NL, all of which I found on Phoneyboy > and CheckPoints sites, we > are still having a problem. > > When I do a snoop on the firewall after > double-clicking the file, I get > this: > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 220 > dtwebftp02 Micro > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 USER > anonymous\r\n > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 331 > Anonymous access > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASS > IE40user@\r\n > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 230 > Anonymous user l > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 TYPE > I\r\n > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 200 Type > set to I.\r\n > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASV\r\n > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 227 > Entering Passive > > And it just hangs there. But a right click gives me > this: > > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 noop\r\n > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 NOOP > command suc > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 CWD > /trial/\r\n > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 250 CWD > command succ > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 TYPE > I\r\n > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 Type > set to I.\r\n > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 PORT > 207,70,91,65,23 > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 PORT > command suc > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 SIZE > dto2kt.exe\r\n > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 213 > 11378688\r\n > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 RETR > dto2kt.exe\r\n > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 150 > Opening BINARY m > > And the file will download > > Does anyone have any other issues with pasv ftp? It > is enabled in the > policy properties. > > Any help would be greatly appreciated. > > > ================================================================================ > To unsubscribe from this mailing list, please > see the instructions at > > http://www.checkpoint.com/services/mailing.html > ================================================================================ __________________________________________________ Do You Yahoo!? Get Yahoo! Mail - Free email you can access from anywhere! http://mail.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|