NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Possible FTP timeouts from MS boxes




Mike,


This is definitely MS problem. I have seen this before and had the same problem. One solution is to use passive FTP.

I have looked at the snoop packets very closely and confirmed this. This is what happens -

When active FTP is used the FTP server provides the data connection port, and switches the ports randomly for data transfer. As long as the client is able to treat this port change correctly there is no problem. However the client ( NT box ) somehow cannot handle this properly all the time. So the server has switched the port and now the server as well as the FW-1 are expecting connection on this switched port, but the client somehow does not seem to have the new port info and uses the port used for the previous connection, which the FW-1 religiously rejects/drops it.

Good luck !!!

Devendra Murmu
Salomon Smith Barney
390 Greenwich Street, 6th Floor
New York, NY [email protected]



From: "Cross, Michael" <[email protected]>
To: <[email protected]>
Subject: [FW1] Possible FTP timeouts from MS boxes
Date: Wed, 22 Aug 2001 17:26:20 -0400

All,

I am having an issue where I am FTPing a large number of small files
from an NT to a Solaris box in the DMZ.  The firewall is allowing the
data through but for some reason the connection gets closed prematurely
ending the FTP before all the files are transferred.

I had recently moved the solaris box from an old firewall (3.0b) to a
new firewall (4.1).  The problem didnt appear until after the move.

To make matters worse, I have tested it on a few windows boxes and they
all seem to have the same problem...and...I have tested it on a a few
unix boxes and they work without a problem.

I have spoken with some people who mumble stuff about MS and the IP
stack during FTP, but I have never heard anything about that.

Has anyone seen this kind of problem before or anything like it?

Thanks

MCross


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp



================================================================================
    To unsubscribe from this mailing list, please see the instructions at
              http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.