[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] FTP Prob - Hanging on NLST
Title: RE: [FW1] FTP Prob - Hanging on NLST
I changed my SYN protection to "Passive SYN Gateway" and everything was fixed.
-----Original Message-----
From: Karyn McCambridge [mailto:[email protected]]
Sent: Thursday, March 08, 2001 2:23 PM
To: [email protected]
Subject: [FW1] FTP Prob - Hanging on NLST
I have a few NAT'd FTP servers inside my CP FW-1 4.1 SP2. I can ping to my
NAT'D IP address of both FTP Servers successfully. I can FTP from the
outside into my MS-FTP Server just fine and issue an LS command and get the
listing just fine. However, on my other FTP Server I can login just fine
and when I issue the LS command it just hangs forever. If I turn on
debugging I see it is a problem with the data connection.
this is where it just sits and sits...
ftp> ls
---> PORT X,X,X,X,143,87
250 PORT command successful
---> NLST
150 Opening ASCII mode data connection
I have turned off FTP PASV in my FW Policy Properties and left FTP PORT ticked.
Here is what my rule looks like for this specific internal host:
SRC = "" Inbound Group DEST= NAT'D HOST SVC= FTP (21) & FTP-DATA (20) &
TCP High Ports and UDP High Ports Action = "">
Anybody have any ideas? I see FTP seems to be a common problem with FW-1.
Thanks,
Karyn
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
