
Re: [FW1] Problems with ftp



Jim,
Two questions:
Is NAT occurring between the DMZ and the internal net? If so, is this really necessary?
Second question: are you using static or hide NAT for the client connections?

Regards,
CryptoTech

"Gadrow, Jim" wrote:

 

Hi Ken,

The long banner has already been removed due to problems with clients as you suspected, so it isn't an issue here. We're running wu-ftp v2.4 on HPUX 10.01 (being upgraded next week to v2.6.1 on HPUX 10.20).

A 'DIR' command results in the same condition:
200 PORT command successful
150 Opening ASCII data connection for /bin/ls.
           --- Hangs here, never seems to time out. A <control-c> interrupt returns:
abort: Socket operation on non-socket
abort: Bad file number
421 Service not available, remote server has closed connection
421 Service not available, remote server has closed connection
ftp>

Jim

-----Original Message-----
From: Ken McKinlay [mailto:[email protected]]
Sent: Thursday, February 08, 2001 9:53 AM
To: 'Gadrow, Jim'
Subject: RE: [FW1] Problems with ftp

Jim,

Do they get any error messages or is the connection just dropped?

If the connection is dropped, try adding a dash '-' to the front of their
FTP password. For example:
    User name:   anonymous
    Password:    [email protected]
If this works, are you using a long banner message in your FTP service? This
is sometimes a problem for clients.

If an error message, what message?
What version of wu-ftpd are you running?
Does the DIR command return back anything? If it does and the LS command
shows little or nothing, take a look at the wu-ftpd FAQ at
http://www.wu-ftpd.org/wu-ftpd-faq.html. Specifically section 11.26. I
had the same problem and it took me a bit to figure it out :-(
 

Ken McKinlay


[email protected]
 
 

-----Original Message-----
From: Gadrow, Jim [mailto:[email protected]]
Sent: Wednesday, February 07, 2001 15:56
To: '[email protected]'
Subject: [FW1] Problems with ftp
 

Hoping someone can help. Sorry about the repost, but I received no response
the first time.

I have an ftp server (WU-FTP) in my DMZ on a separate interface. I'm running
FW-1 v4.0 sp5 on Solaris 2.6.

Recently I added the ip spoofing rules to the 3 interfaces on the firewall.
Everything seems to be working fine except for internal users getting to the
ftp server. The logs show that the connection is accepted, but the user is
unable to do anything beyond connect, with proper userid and password. Once
they try an 'ls' or anything else, it fails.

I show no related rejects on rule 0, but if I remove the ip spoofing rules,
everything works properly.

My anti-spoofing setup is as follows:
External interface -> Others
DMZ interface -> Specific group object which includes 192.168.x.x, external
addresses for all DMZ machines, NAT addresses.

Local interface -> Specific group object which includes 10.x.x.x, NAT
address for 10.x.x.x machines,

Any ideas would be greatly appreciated!

Thanks,
Jim Gadrow
[email protected]
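
An added diagnostic sketch, not part of the thread and not FW-1 code: it decodes the address a client announces in an FTP PORT command and checks the source address seen on each interface against that interface's valid-address group, which is how the NAT questions above can be tested. The rule model is a simplified assumption, and the 203.0.113.x and 198.51.100.x addresses are constructed stand-ins for the NAT and external addresses the post does not give.

```python
import ipaddress

# Constructed valid-address groups modelled on the setup described in the post.
VALID = {
    "dmz":   ["192.168.0.0/16", "203.0.113.0/28"],   # DMZ hosts + their external/NAT addresses
    "local": ["10.0.0.0/8", "203.0.113.16/28"],      # internal hosts + their NAT addresses
}

def parse_port_arg(arg):
    """Decode the h1,h2,h3,h4,p1,p2 argument of an FTP PORT command (RFC 959)."""
    parts = [int(x) for x in arg.split(",")]
    if len(parts) != 6 or any(not 0 <= p <= 255 for p in parts):
        raise ValueError(f"malformed PORT argument: {arg!r}")
    return ".".join(map(str, parts[:4])), parts[4] * 256 + parts[5]

def passes_antispoof(valid, iface, src):
    """Assumed model: a packet arriving on iface is accepted only if its
    source address belongs to that interface's valid-address group."""
    addr = ipaddress.ip_address(src)
    return any(addr in ipaddress.ip_network(n) for n in valid[iface])

def dropped_legs(valid, client_iface, server_iface, server_src, port_arg):
    """Return the legs of an active-mode FTP session the model would drop.

    server_src is the source address the server's data connection carries
    when it reaches the firewall (hypothetical parameter, read it from a
    packet capture on the DMZ interface)."""
    client_ip, _client_port = parse_port_arg(port_arg)
    legs = [
        ("control", client_iface, client_ip),   # client -> server:21
        ("data",    server_iface, server_src),  # server:20 -> address from PORT
    ]
    return [leg for leg in legs if not passes_antispoof(valid, leg[1], leg[2])]

if __name__ == "__main__":
    # Constructed cases: server source inside the DMZ group, then outside it.
    print(dropped_legs(VALID, "local", "dmz", "192.168.1.10", "10,1,2,3,4,1"))
    print(dropped_legs(VALID, "local", "dmz", "198.51.100.5", "10,1,2,3,4,1"))
```
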



 