Hi Ken,
The long banner has already been removed due to problems
with clients as you suspected, so it isn't an issue here. We're running
wu-ftp v2.4 on HPUX 10.01 (being upgraded next week to v2.6.1 on HPUX 10.20).
a 'DIR' command results in the same condition:
200 PORT command successful
150 Opening ASCII data connection for /bin/ls.
--- Hangs here never seems to time out - a <control-c> interrupt returns:
abort: Socket operation on non-socket
abort: Bad file number
421 Service not available, remote server has closed connection
421 Service not available, remote server has closed connection
ftp>
Jim
-----Original Message-----
From: Ken McKinlay [mailto:[email protected]]
Sent: Thursday, February 08, 2001 9:53 AM
To: 'Gadrow, Jim'
Subject: RE: [FW1] Problems with ftp
Jim,
Do they get any error messages or is the connection just
dropped?
If the connection is dropped, try adding a dash '-' to
the front of their
FTP password. For example:
User name: anonymous
Password: [email protected]
<mailto:[email protected]>
If this works, are you using a long banner message in
your FTP service? This
is sometimes a problem for clients.
If an error message, what message?
What version of wu-ftpd are you running?
Does the DIR command return back anything? If it does
and the LS command
shows little or nothing, take a look at the wu-ftpd FAQ
at
http://www.wu-ftpd.org/wu-ftpd-faq.html
<http://www.wu-ftpd.org/wu-ftpd-faq.html>
. Specifically section 11.26. I
had the same problem and it took me a bit to figure it
out :-(
Ken McKinlay
[email protected]
-----Original Message-----
From: Gadrow, Jim [mailto:[email protected]]
Sent: Wednesday, February 07, 2001 15:56
To: '[email protected]'
Subject: [FW1] Problems with ftp
Hoping someone can help. Sorry about the repost, but I
received no response
the first time.
I have an ftp server (WU-FTP) in my DMZ on a separate
interface. I'm running
FW-1 v4.0 sp5 on Solaris 2.6.
Recently I added the ip spoofing rules to the 3 interfaces
on the firewall.
Everything seems to be working fine except for internal
users getting to the
ftp server. The logs show that the connection is accepted,
but the user is
unable to do anything beyond connect, with proper userid
and password. Once
they try an 'ls' or anything else, it fails.
I show no related rejects on rule 0, but if I remove the
ip spoofing rules,
everything works properly.
My anti-spoofing setup is as follows:
External interface -> Others
DMZ interface -> Specific group object which includes
192.168.x.x, external
addresses for all DMZ machines, NAT addresses.
Local interface -> Specific group object which includes
10.x.x.x, NAT
address for 10.x.x.x machines,
Any ideas would be greatly appreciated!
Thanks,
Jim Gadrow
[email protected]