Re: [FW1] PASV FTP problem
Hi Joaquim,

I don't know why this happens. My problem did go away mostly when I went to v4.1 sp2 though. Are you planning on upgrading? Or you can try disabling pasv ftp in policy properties. Sorry if this doesn't help much.

Pete Goodridge

--- Joaquim Eudes Mendes Gomide <[email protected]> wrote:
> Hi Peter
> I got the very same problem. I also did everything I found on Phoneyboy
> and CheckPoints sites. But FW-1 still drops the packet "227 Entering
> Passive ...". Just this packet!! And nothing is logged.
> Below is the snoop in the outside interface and after, the inside
> interface. After the command "PASV", I get the response in the outside
> interface. In the inside interface I get nothing.
>
> OUTSIDE INTERFACE
>
> 216.126.74.18 -> OutsideInterface FTP R port=48188 220 ProFTPD 1.2.0pre
> OutsideInterface -> 216.126.74.18 FTP C port=48188 USER anonymous\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188
> 216.126.74.18 -> OutsideInterface FTP R port=48188 331 Anonymous login
> OutsideInterface -> 216.126.74.18 FTP C port=48188 PASS [email protected]
> 216.126.74.18 -> OutsideInterface FTP R port=48188 230 Acesso an\364nimo a
> OutsideInterface -> 216.126.74.18 FTP C port=48188 REST 1\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188 350 Restarting at 1.
> OutsideInterface -> 216.126.74.18 FTP C port=48188 REST 0\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188 350 Restarting at 0.
> OutsideInterface -> 216.126.74.18 FTP C port=48188 SYST\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188 215 UNIX Type: L8\r\n
> OutsideInterface -> 216.126.74.18 FTP C port=48188 PWD\r\n
> OutsideInterface -> 216.126.74.18 FTP C port=48188 PWD\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188
> 216.126.74.18 -> OutsideInterface FTP R port=48188 257 "/" is current d
> OutsideInterface -> 216.126.74.18 FTP C port=48188 PASV\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188 227 Entering Passive   <<<< Here it is
> OutsideInterface -> 216.126.74.18 FTP C port=48188
> OutsideInterface -> 216.126.74.18 FTP C port=48188 PASV\r\n
> 216.126.74.18 -> OutsideInterface FTP R port=48188
>
> INSIDE INTERFACE
>
> 216.126.74.18 -> InsideInterface FTP R port=3605 220 ProFTPD 1.2.0pre
> InsideInterface -> 216.126.74.18 FTP C port=3605 USER anonymous\r\n
> 216.126.74.18 -> InsideInterface FTP R port=3605
> 216.126.74.18 -> InsideInterface FTP R port=3605 331 Anonymous login
> InsideInterface -> 216.126.74.18 FTP C port=3605 PASS [email protected]
> 216.126.74.18 -> InsideInterface FTP R port=3605 230 Acesso an\364nimo a
> InsideInterface -> 216.126.74.18 FTP C port=3605 REST 1\r\n
> 216.126.74.18 -> InsideInterface FTP R port=3605 350 Restarting at 1.
> InsideInterface -> 216.126.74.18 FTP C port=3605
> InsideInterface -> 216.126.74.18 FTP C port=3605 REST 0\r\n
> 216.126.74.18 -> InsideInterface FTP R port=3605 350 Restarting at 0.
> InsideInterface -> 216.126.74.18 FTP C port=3605 SYST\r\n
> 216.126.74.18 -> InsideInterface FTP R port=3605 215 UNIX Type: L8\r\n
> InsideInterface -> 216.126.74.18 FTP C port=3605 PWD\r\n
> 216.126.74.18 -> InsideInterface FTP R port=3605 257 "/" is current d
> InsideInterface -> 216.126.74.18 FTP C port=3605 PASV\r\n
> InsideInterface -> 216.126.74.18 FTP C port=3605 PASV\r\n   <<<< Where is it?
> 216.126.74.18 -> InsideInterface FTP R port=3605
>
> Any Idea
>
> TKS
>
> Joaquim Gomide
>
> Pete Goodridge wrote:
> >
> > We are having a problem with clients coming into our FTP server getting hung
> > on ftp sessions using any browser. We are running CheckPoint 4.0 SP7 on Sun
> > 2.6 with the latest patches. After applying several of the ftp fixes, the
> > High Port TCP Services and FTP, the FTPPORT match solution and the
> > FTP_ENFORCE_NL, all of which I found on Phoneyboy and CheckPoints sites, we
> > are still having a problem.
> >
> > When I do a snoop on the firewall after double-clicking the file, I get
> > this:
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 220 dtwebftp02 Micro
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 USER anonymous\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 331 Anonymous access
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASS IE40user@\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 230 Anonymous user l
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 TYPE I\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 200 Type set to I.\r\n
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59235 PASV\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59235 227 Entering Passive
> >
> > And it just hangs there.
> > But a right click gives me this:
> >
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 noop\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 NOOP command suc
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 CWD /trial/\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 250 CWD command succ
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 TYPE I\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 Type set to I.\r\n
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 PORT 207,70,91,65,23
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 200 PORT command suc
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 SIZE dto2kt.exe\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 213 11378688\r\n
> > 11.11.11.99 -> 10.10.10.9 FTP C port=59220 RETR dto2kt.exe\r\n
> > 10.10.10.9 -> 11.11.11.99 FTP R port=59220 150 Opening BINARY m
> >
> > And the file will download
> >
> > Does anyone have any other issues with pasv ftp? It is enabled in the
> > policy properties.
> >
> > Any help would be greatly appreciated.
>
> --
>  /\// Joaquim Eudes Mendes Gomide
> / /\  Analista de Informatica
> \/ /  Banco do Brasil S.A. http://www.bancodobrasil.com.br
> / /\  Fone:(Brasil: +55) Fax:
> \/ /  mailto:[email protected]
> //\/  I am on my own. It's not Banco do Brasil's opinion.
>
> === message truncated ===
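
The by-eye comparison of the outside and inside captures described in the thread can be automated. The following is an added example, not part of the original messages: it aligns two snoop summaries and reports server replies that reached the outside interface but never appeared on the inside one. The function names `ftp_events` and `dropped_replies` are hypothetical, and the sample input is abridged from the trace quoted above.

```python
import re
from difflib import SequenceMatcher

# Sample input abridged from the snoop summaries quoted in the message.
# Raw strings keep the "\r\n" that snoop prints as literal characters.
OUTSIDE = r"""
216.126.74.18 -> OutsideInterface FTP R port=48188 220 ProFTPD 1.2.0pre
OutsideInterface -> 216.126.74.18 FTP C port=48188 PWD\r\n
OutsideInterface -> 216.126.74.18 FTP C port=48188 PWD\r\n
216.126.74.18 -> OutsideInterface FTP R port=48188
216.126.74.18 -> OutsideInterface FTP R port=48188 257 "/" is current d
OutsideInterface -> 216.126.74.18 FTP C port=48188 PASV\r\n
216.126.74.18 -> OutsideInterface FTP R port=48188 227 Entering Passive
OutsideInterface -> 216.126.74.18 FTP C port=48188 PASV\r\n
"""
INSIDE = r"""
216.126.74.18 -> InsideInterface FTP R port=3605 220 ProFTPD 1.2.0pre
InsideInterface -> 216.126.74.18 FTP C port=3605 PWD\r\n
216.126.74.18 -> InsideInterface FTP R port=3605 257 "/" is current d
InsideInterface -> 216.126.74.18 FTP C port=3605 PASV\r\n
InsideInterface -> 216.126.74.18 FTP C port=3605 PASV\r\n
"""

# "SRC -> DST FTP C|R port=N [payload]"; C = client command, R = server reply
LINE = re.compile(r"^\S+ -> \S+ FTP ([CR]) port=\d+\s*(.*)$")

def ftp_events(capture):
    """Return [(direction, verb_or_code)], skipping payload-less segments
    (bare ACKs) and immediate repeats (retransmissions), so captures taken
    on either side of NAT compare cleanly despite different ports."""
    events = []
    for raw in capture.strip().splitlines():
        m = LINE.match(raw.strip())
        words = m.group(2).replace("\\r\\n", "").split() if m else []
        if not words:
            continue
        event = (m.group(1), words[0].upper())
        if not events or events[-1] != event:
            events.append(event)
    return events

def dropped_replies(outside, inside):
    """Reply codes seen on the outside interface that never reach the inside."""
    a, b = ftp_events(outside), ftp_events(inside)
    ops = SequenceMatcher(None, a, b, autojunk=False).get_opcodes()
    lost = [ev for tag, i1, i2, _, _ in ops
            if tag in ("delete", "replace") for ev in a[i1:i2]]
    # Only replies travel outside -> inside here; extra commands are client retries.
    return [code for direction, code in lost if direction == "R"]

if __name__ == "__main__":
    print("replies lost between interfaces:", dropped_replies(OUTSIDE, INSIDE))
```

On the abridged sample the only reply missing from the inside capture is the 227, which is the packet the thread says is dropped without a log entry.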