[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] MS FTP behind NAT
Glenn, we have the same need and the very same problem here. It's a router (the one NATing your PCs) issue. Our problem appeared when I replaced our NAT router (a CISCO 1605) with a 2504 with a different configuration. Since, depending on traffic going through the router, it may work or not. For example, in the morning it works perfectly but when people starts browsing, FTP connections fails. Note that it happens with all FTP clients, not only MS FTP but also with Cute FTP or WS FTP Pro. Connecting a laptop directly behind the firewall (bypassing NAT) allows you to connect to a FTP site while on a computer behind the router, it fails. I'm just starting checking the router configuration and associated error messages but I think I''ll probably go back to my previous router. If I find something, I'll let you know. See you soon, Aldo Calzolari, Impiric Interactive France
I'm having a rather irritating problem: someone behind one of our FW-1 firewalls has to use Microsoft's command-line FTP (from win98, win2k, and winnt) as part of a batch script (I know it's junk, but the scripter won't use anything else). I tried it behind a different FW-1, and it worked. Here is the common configuration between the 2 firewalls: - FW-1 4.1 on NT sp 6a - ftp is enabled in the rulebase for outbound connections Here's what's different between the 2 firewalls (firewall A functions properly, firewall B does not): - firewall A is running FW-1 service pack 2, firewall B is running FW-1 service pack 3 - SYNDefender is set to "none" on firewall A and is set to "passive gateway" on firewall B - under "logs and alerts" in Policy > Properties, "log established TCP connections" is checked on firewall A and is unchecked on firewall B. Those are the only differences I can find. What happens when I try to connect to an ftp server behind firewall B is that I can log in, but when I try to do a directory listing or cd to a directory I get an error saying "invalid port command" - no such error from behind firewall A. Any suggestions?? thanks,
|