RE: [FW1] Problem with FTP sites
Some FTP servers now attempt to verify the source host with an ident (TCP protocol 113 - auth). Your firewall is probably "dropping" the ident session request since it is an incoming request to establish a TCP session not in the rules. The FTP server times out waiting for a response and never completes the FTP session establishment. The FTP client times out when no response is received from the FTP server.

The way around this is to make a rule to "reject" an ident session request to the Firewall external NIC instead of just dropping it. The result is that a session reset is sent to the FTP server's ident service (indicating that ident is not installed at your site), the ident service on the FTP server is happy to get any response and ends normally instead of timing out. The FTP server then continues with a normal FTP session.

-----Original Message-----
From: Lenen Hernandez [mailto:[email protected]]
Sent: Monday, June 04, 2001 10:54 AM
To: Fw-1-Mailinglist (E-mail) (E-mail)
Subject: [FW1] Problem with FTP sites

Hello Gang,

I need some help on determining my problem when FTPing some sites.

Current config: CP 4.1 sp1 running on Windows 2000 server sp1

Problem: When FTPing through any web browser I sometimes get the message "cant connect to Host"

I did a tracert to the ftp site and it completes OK.

Would this be a time-out issue? Or could I be blocking it using one of my rules? I only had 8 set up.

Thanks
Len

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
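The drop-versus-reject difference described in the reply above, seen from the FTP server's side, as an added example that is not part of the original thread: it performs an RFC 1413 ident lookup and reports whether the query was answered, rejected with a reset, or silently dropped, and how long the caller waited. The function names, the loopback stand-ins and the sample ports are constructed for illustration.

```python
import socket
import threading
import time

def ident_lookup(host, client_port, server_port, ident_port=113, timeout=30.0):
    """Query ident the way an FTP server would; return (outcome, seconds, reply)."""
    start = time.monotonic()
    reply = ""
    try:
        with socket.create_connection((host, ident_port), timeout=timeout) as s:
            # RFC 1413 query: port on the queried host, then port on the querying host
            s.sendall(f"{client_port}, {server_port}\r\n".encode("ascii"))
            reply = s.recv(1024).decode("ascii", "replace").strip()
        outcome = "answered" if reply else "closed"
    except ConnectionRefusedError:
        outcome = "rejected"   # RST came back: a "reject" rule, or no ident service
    except socket.timeout:
        outcome = "dropped"    # silence: a "drop" rule, the caller waits out the timer
    return outcome, time.monotonic() - start, reply

def constructed_identd():
    """Constructed stand-in for an ident service: answers one query on 127.0.0.1."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn, srv:
            query = conn.recv(1024).decode("ascii").strip()
            conn.sendall(f"{query} : ERROR : HIDDEN-USER\r\n".encode("ascii"))
    threading.Thread(target=serve, daemon=True).start()
    return port

def closed_port():
    """Constructed stand-in for a 'reject' rule: a local port with no listener."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port

if __name__ == "__main__":
    for label, port in (("answered", constructed_identd()), ("rejected", closed_port())):
        outcome, secs, reply = ident_lookup("127.0.0.1", 40000, 21, ident_port=port, timeout=5)
        print(f"{label}: {outcome} in {secs:.3f}s {reply!r}")
```

Run against your own external address from an outside host with the default `ident_port=113`, a "dropped" result after the full timeout corresponds to the stalled FTP logins in the thread, while "rejected" returns almost immediately.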