
Re: [FW1] PASV FTP problem



Hi Joaquim,

I don't know why this happens.  My problem did go away
mostly when I went to v4.1 sp2 though.  Are you
planning on upgrading?  Or you can try disabling pasv
ftp in policy properties.

Sorry if this doesn't help much.
Pete Goodridge

--- Joaquim Eudes Mendes Gomide <[email protected]>
wrote:
> Hi Peter
> I got the very same problem. I also did everything I found on Phoneyboy
> and CheckPoints sites. But FW-1 still drops the packet "227 Entering
> Passive ...". Just this packet!! And nothing is logged.
> Below is the snoop in the outside interface and after, the inside
> interface. After the command "PASV", I get the response in the outside
> interface. In the inside interface I get nothing.
> 
> OUTSIDE INTERFACE
>
> 216.126.74.18 -> OutsideInterface FTP R port=48188 220 ProFTPD 1.2.0pre
> OutsideInterface -> 216.126.74.18 FTP C port=48188 USER anonymous\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188
> 216.126.74.18 -> OutsideInterface FTP R port=48188 331 Anonymous login
> OutsideInterface -> 216.126.74.18 FTP C port=48188 PASS [email protected]
> 216.126.74.18 -> OutsideInterface FTP R port=48188 230 Acesso an\364nimo a
> OutsideInterface -> 216.126.74.18 FTP C port=48188 REST 1\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188 350 Restarting at 1.
> OutsideInterface -> 216.126.74.18 FTP C port=48188 REST 0\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188 350 Restarting at 0.
> OutsideInterface -> 216.126.74.18 FTP C port=48188 SYST\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188 215 UNIX Type: L8\r\n
> OutsideInterface -> 216.126.74.18 FTP C port=48188 PWD\r\n
> OutsideInterface -> 216.126.74.18 FTP C port=48188 PWD\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188
> 216.126.74.18 -> OutsideInterface FTP R port=48188 257 "/" is current d
> OutsideInterface -> 216.126.74.18 FTP C port=48188 PASV\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188 227 Entering Passive      <<<< Here it is
> OutsideInterface -> 216.126.74.18 FTP C port=48188
> OutsideInterface -> 216.126.74.18 FTP C port=48188 PASV\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188
> 
> 
> INSIDE INTERFACE
>
> 216.126.74.18 -> InsideInterface FTP R port=3605 220 ProFTPD 1.2.0pre
> InsideInterface -> 216.126.74.18 FTP C port=3605 USER anonymous\r\n
> 216.126.74.18 -> InsideInterface FTP R port=3605
> 216.126.74.18 -> InsideInterface FTP R port=3605 331 Anonymous login
> InsideInterface -> 216.126.74.18 FTP C port=3605 PASS [email protected]
> 216.126.74.18 -> InsideInterface FTP R port=3605 230 Acesso an\364nimo a
> InsideInterface -> 216.126.74.18 FTP C port=3605 REST 1\r\n
> 216.126.74.18 -> InsideInterface FTP R port=3605 350 Restarting at 1.
> InsideInterface -> 216.126.74.18 FTP C port=3605
> InsideInterface -> 216.126.74.18 FTP C port=3605 REST 0\r\n
> 216.126.74.18 -> InsideInterface FTP R port=3605 350 Restarting at 0.
> InsideInterface -> 216.126.74.18 FTP C port=3605 SYST\r\n
> 216.126.74.18 -> InsideInterface FTP R port=3605 215 UNIX Type: L8\r\n
> InsideInterface -> 216.126.74.18 FTP C port=3605 PWD\r\n
> 216.126.74.18 -> InsideInterface FTP R port=3605 257 "/" is current d
> InsideInterface -> 216.126.74.18 FTP C port=3605 PASV\r\n
> InsideInterface -> 216.126.74.18 FTP C port=3605 PASV\r\n
> <<<< Where is it?
> 216.126.74.18 -> InsideInterface FTP R port=3605
> 
> Any Idea
> 
> TKS
> 
> Joaquim Gomide
> 
> 
> 
> >Pete Goodridge wrote:
> 
> 
> > We are having a problem with clients coming into our FTP server getting hung
> > on ftp sessions using any browser.  We are running CheckPoint 4.0 SP7 on Sun
> > 2.6 with the latest patches.  After applying several of the ftp fixes, the
> > High Port TCP Services and FTP, the FTPPORT match solution and the
> > FTP_ENFORCE_NL, all of which I found on Phoneyboy and CheckPoints sites, we
> > are still having a problem.
> >
> > When I do a snoop on the firewall after double-clicking the file, I get
> > this:
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 220 dtwebftp02 Micro
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 USER anonymous\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 331 Anonymous access
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASS IE40user@\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 230 Anonymous user l
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 TYPE I\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 200 Type set to I.\r\n
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASV\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 227 Entering Passive
> >
> > And it just hangs there.  But a right click gives me this:
> >
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 noop\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 NOOP command suc
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 CWD /trial/\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 250 CWD command succ
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 TYPE I\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 Type set to I.\r\n
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 PORT 207,70,91,65,23
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 PORT command suc
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 SIZE dto2kt.exe\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 213 11378688\r\n
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 RETR dto2kt.exe\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 150 Opening BINARY m
> >
> > And the file will download
> >
> > Does anyone have any other issues with pasv ftp?  It is enabled in the
> > policy properties.
> >
> > Any help would be greatly appreciated.
> >
> >
> >
> 
> 
> 
> --
>    /\//  Joaquim Eudes Mendes Gomide
>   / /\   IT Analyst
>   \/ /   Banco do Brasil S.A.  http://www.bancodobrasil.com.br
>   / /\   Phone:(Brazil: +55)  Fax:
>   \/ /   mailto:[email protected]
>  //\/    I am on my own. It´s not Banco do Brasil´s opinion.
> 
> 
=== message truncated ===
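
An added example, not part of the original thread: the two-interface comparison done by eye in the quoted message, written as a small Python script that lists server replies captured on the outside interface that never appear on the inside one. The capture text is constructed for illustration in the snoop summary format shown above, one packet per line; the addresses and the `fw-out`/`fw-in` names are placeholders.

```python
import re

# One snoop summary line: "src -> dst FTP C|R port=N [payload]".
LINE = re.compile(r"^\S+ -> \S+ FTP ([CR]) port=\d+\s*(.*)$")

# Constructed sample captures (placeholder names and addresses).
OUTSIDE = r"""
192.0.2.10 -> fw-out FTP R port=48188 220 ProFTPD
fw-out -> 192.0.2.10 FTP C port=48188 USER anonymous\r\n
192.0.2.10 -> fw-out FTP R port=48188
192.0.2.10 -> fw-out FTP R port=48188 331 Anonymous login
fw-out -> 192.0.2.10 FTP C port=48188 PWD\r\n
fw-out -> 192.0.2.10 FTP C port=48188 PWD\r\n
192.0.2.10 -> fw-out FTP R port=48188 257 "/" is current d
fw-out -> 192.0.2.10 FTP C port=48188 PASV\r\n
192.0.2.10 -> fw-out FTP R port=48188 227 Entering Passive
fw-out -> 192.0.2.10 FTP C port=48188 PASV\r\n
"""
INSIDE = r"""
192.0.2.10 -> fw-in FTP R port=3605 220 ProFTPD
fw-in -> 192.0.2.10 FTP C port=3605 USER anonymous\r\n
192.0.2.10 -> fw-in FTP R port=3605 331 Anonymous login
fw-in -> 192.0.2.10 FTP C port=3605 PWD\r\n
192.0.2.10 -> fw-in FTP R port=3605 257 "/" is current d
fw-in -> 192.0.2.10 FTP C port=3605 PASV\r\n
fw-in -> 192.0.2.10 FTP C port=3605 PASV\r\n
192.0.2.10 -> fw-in FTP R port=3605
"""

def ftp_events(capture):
    """Return [(direction, payload)] for lines that carry FTP text."""
    events = []
    for raw in capture.splitlines():
        m = LINE.match(raw.strip())
        if m and m.group(2).strip():  # bare ACK lines carry no payload
            events.append((m.group(1), m.group(2).strip()))
    return events

def lost_replies(outside, inside):
    """Server replies seen outside that have no counterpart inside."""
    seen = ftp_events(inside)
    missing = []
    for event in ftp_events(outside):
        if event in seen:
            seen.remove(event)  # consume one match; retransmits count once
        elif event[0] == "R":   # only replies must cross outside -> inside
            missing.append(event[1])
    return missing
```

Ports are ignored in the comparison because the client port differs on each side of the firewall in the captures above (48188 outside, 3605 inside).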

