[FW1] ftp-data dropped in StoneBeat FullCluster
Hi,

I have a couple of SPARC FW1s running with StoneBeat FullCluster 1.0. Everything seems fine right now except for the FTP service. I use NAT in the internal network. When I FTP to an external host from the internal network, sometimes I get no response when I run a command such as "ls" in ftp (it cannot build up the ftp-data connection, TCP port 20). But I have no problem with other stuff that uses port 21 only, such as "cd" (change directory). This problem does not occur in every FTP session. I keep an eye on the log viewer and notice the following.

When I see the following log entry, the FTP-data works:

    FW     service   source       dest         source-port
    ======================================================
    FW-A   ftp       ftp-client   ftp-server   33099

When I see the following log entries, the FTP-data *doesn't* work:

    FW     service   source       dest         source-port
    ======================================================
    FW-A   ftp       ftp-client   ftp-server   33099
    FW-B   33099     ftp-server   ftp-client   ftp

The difference is the second log entry! Of course, when I take one of the FWs offline it works in both cases (sometimes one entry only and sometimes two, but both will go through the same FW, of course).

I have set up the state sync for both FW1s and set up $SBHOME/etc/filter.conf as follows:

    mode = dynamic
    node = all
    ignore-port = 20 21
    ip static-nat = 10.0.0.0 netmask 255.255.255.0 xx
    ip static-nat = 202.xx.xx.xx netmask 255.255.255.0 xxxxxxx

I can't remember the content of filter.conf exactly, but I think they are correct, as StoneBeat doesn't complain when I click "reconfigure" in the StoneBeat GUI.

Could anyone please give me some hints on the problem? It is strange that sometimes it only logs one entry, as the ftp-server should reply to the client when the connection is made, and it is even stranger that it is a successful connection! It is an any-any-any-accept rule in the FW policy, so I guess I am not missing anything in the log viewer...

Please help. Thanks in advance.
laiben

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================
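To pick out which FTP sessions show the two-node pattern described in the post, here is an added example (not from the original post, nor Check Point's or StoneBeat's own code): a small Python script that parses log lines laid out in the post's columns (FW, service, source, dest, source-port) and reports control connections whose server-to-client reply was logged as a new connection on a different cluster node. The log text and host names are constructed for the example.

```python
# Constructed sample in the post's log-viewer layout. Session 33099 shows
# the failing pattern (reply logged as a new connection on FW-B); 33100 has
# one entry only; 33101 has two entries, both on the same node (works).
SAMPLE_LOG = """\
FW     service   source       dest         source-port
======================================================
FW-A   ftp       ftp-client   ftp-server   33099
FW-B   33099     ftp-server   ftp-client   ftp
FW-A   ftp       ftp-client   ftp-server   33100
FW-A   ftp       ftp-client   ftp-server   33101
FW-A   33101     ftp-server   ftp-client   ftp
"""


def parse_log(text):
    """Turn whitespace-separated log lines into dicts, skipping the header."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.startswith(("FW ", "=")):
            continue
        fw, service, src, dst, sport = line.split()
        entries.append({"fw": fw, "service": service, "src": src,
                        "dst": dst, "sport": sport})
    return entries


def find_asymmetric_sessions(entries):
    """Return (client_port, forward_node, reverse_node) for every control
    connection (client -> server:ftp) whose reply (server:ftp -> client)
    was logged as a separate new connection on a *different* node.
    A reply seen on the same node, or not logged at all, is not flagged."""
    forward = {}
    for e in entries:
        if e["service"] == "ftp":                      # client -> server:21
            forward[(e["src"], e["dst"], e["sport"])] = e["fw"]
    flagged = []
    for e in entries:
        if e["sport"] == "ftp":                        # server:21 -> client
            key = (e["dst"], e["src"], e["service"])   # swap back to client view
            fwd_node = forward.get(key)
            if fwd_node is not None and fwd_node != e["fw"]:
                flagged.append((e["service"], fwd_node, e["fw"]))
    return flagged


if __name__ == "__main__":
    for port, a, b in find_asymmetric_sessions(parse_log(SAMPLE_LOG)):
        print(f"client port {port}: SYN via {a}, reply logged as new on {b}")
```

Feeding the real log export through the same function gives a quick count of how often the reply lands on the other node, which is the first thing to compare against the state-sync settings.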