[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Possible FTP timeouts from MS boxes
I am not sure this is correct. The problem I have seen is that the port allocated to be used is that of an existing service. Firewall-1 will reject that for ftp's as its a bad idea - but a bloody pain as well. Check your logs - you should see rejects and info details the port number. Check www.phoneboy.com for the details. The reason it fails on lots of small files, is the port number increments each time and conflicts after a while. Simon -----Original Message----- From: Devendra Murmu [mailto:[email protected]] Sent: Monday, 27 August 2001 19:23 To: [email protected]; [email protected] Subject: Re: [FW1] Possible FTP timeouts from MS boxes Mike, This is definitely MS problem. I have seen this before and had the same problem. One solution is to use passive FTP. I have looked at the snoop packets very closely and confirmed this. This is what happens - When active FTP is used the FTP server provides the data connection port, and switches the ports randomly for data transfer. As long as the client is able to treat this port change correctly there is no problem. However the client ( NT box ) somehow cannot handle this properly all the time. So the server has switched the port and now the server as well as the FW-1 are expecting connection on this switched port, but the client somehow does not seem to have the new port info and uses the port used for the previous connection, which the FW-1 religiously rejects/drops it. Good luck !!! Devendra Murmu Salomon Smith Barney 390 Greenwich Street, 6th Floor New York, NY [email protected] >From: "Cross, Michael" <[email protected]> >To: <[email protected]> >Subject: [FW1] Possible FTP timeouts from MS boxes >Date: Wed, 22 Aug 2001 17:26:20 -0400 > >All, > >I am having an issue where I am FTPing a large number of small files >from an NT to a Solaris box in the DMZ. The firewall is allowing the >data through but for some reason the connection gets closed prematurely >ending the FTP before all the files are transferred. > >I had recently moved the solaris box from an old firewall (3.0b) to a >new firewall (4.1). The problem didnt appear until after the move. > >To make matters worse, I have tested it on a few windows boxes and they >all seem to have the same problem...and...I have tested it on a a few >unix boxes and they work without a problem. > >I have spoken with some people who mumble stuff about MS and the IP >stack during FTP, but I have never heard anything about that. > >Has anyone seen this kind of problem before or anything like it? > >Thanks > >MCross _________________________________________________________________ Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== *********************************************************************** Confidentiality: This e-mail and its attachments are intended for the above named recipient(s) only and may be confidential and/or privileged. If they have come to you in error you must take no action based on them, nor must you copy or disclose them or any part of their contents to any person or organisation; please reply to this e-mail and highlight the error immediately and delete this e-mail and its attachments from your computer system. Security Warning: Please note that this e-mail has been created in the knowledge that Internet e-mail is not a 100% secure communications medium. We advise that you understand and observe this lack of security when e-mailing us. Viruses: Although we have taken steps to ensure that this e-mail and its attachments are free from any virus, we advise that in keeping with good computing practice the recipient should ensure they are actually virus free *********************************************************************** ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|