RE: [FW1] Possible FTP timeouts from MS boxes



I am not sure this is correct.

The problem I have seen is that the port allocated to be used is that of an
existing service.  Firewall-1 will reject that for FTPs as it's a bad idea -
but a bloody pain as well.

Check your logs - you should see rejects and info detailing the port number.

Check www.phoneboy.com for the details.

The reason it fails on lots of small files is that the port number increments
each time and conflicts after a while.

Simon

-----Original Message-----
From: Devendra Murmu [mailto:[email protected]]
Sent: Monday, 27 August 2001 19:23
To: [email protected];
[email protected]
Subject: Re: [FW1] Possible FTP timeouts from MS boxes



Mike,

This is definitely an MS problem. I have seen this before and had the same 
problem. One solution is to use passive FTP.

I have looked at the snoop packets very closely and confirmed this. This is 
what happens -

When active FTP is used the FTP server provides the data connection port, 
and switches the ports randomly for data transfer. As long as the client is 
able to treat this port change correctly there is no problem. However the 
client (NT box) somehow cannot handle this properly all the time. So the 
server has switched the port and now the server as well as the FW-1 are 
expecting a connection on this switched port, but the client somehow does not 
seem to have the new port info and uses the port used for the previous 
connection, which the FW-1 religiously rejects/drops.

Good luck !!!

Devendra Murmu
Salomon Smith Barney
390 Greenwich Street, 6th Floor
New York, NY [email protected]



>From: "Cross, Michael" <[email protected]>
>To: <[email protected]>
>Subject: [FW1] Possible FTP timeouts from MS boxes
>Date: Wed, 22 Aug 2001 17:26:20 -0400
>
>All,
>
>I am having an issue where I am FTPing a large number of small files
>from an NT to a Solaris box in the DMZ.  The firewall is allowing the
>data through but for some reason the connection gets closed prematurely
>ending the FTP before all the files are transferred.
>
>I had recently moved the Solaris box from an old firewall (3.0b) to a
>new firewall (4.1).  The problem didn't appear until after the move.
>
>To make matters worse, I have tested it on a few Windows boxes and they
>all seem to have the same problem...and...I have tested it on a few
>Unix boxes and they work without a problem.
>
>I have spoken with some people who mumble stuff about MS and the IP
>stack during FTP, but I have never heard anything about that.
>
>Has anyone seen this kind of problem before or anything like it?
>
>Thanks
>
>MCross





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
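
An added example, not part of the original thread and not Check Point code: Python that decodes the data port from each RFC 959 PORT command on a captured FTP control channel and flags ports that collide with a service defined on the firewall, the situation Simon describes for a run of many small files. The service table, client address and session lines are constructed assumptions.

```python
import re

# Constructed sample: ports a firewall policy might have defined as services.
# Assumption for illustration; substitute the services in your own rulebase.
DEFINED_SERVICES = {1433: "ms-sql-s", 1494: "citrix-ica",
                    1521: "oracle-sqlnet", 1723: "pptp", 2049: "nfs"}

PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),"
                     r"(\d{1,3}),(\d{1,3})\s*$", re.I)

def parse_port_command(line):
    """Return (ip, port) from an RFC 959 PORT command, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    # PORT h1,h2,h3,h4,p1,p2 -> data port is p1*256 + p2
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def find_conflicts(control_lines, services=DEFINED_SERVICES):
    """Return [(transfer_index, port, service)] for PORT commands whose
    data port matches a defined service."""
    conflicts, idx = [], 0
    for line in control_lines:
        parsed = parse_port_command(line)
        if parsed is None:
            continue  # not a PORT command (STOR, RETR, ...) or malformed
        idx += 1
        port = parsed[1]
        if port in services:
            conflicts.append((idx, port, services[port]))
    return conflicts

def sample_session(first_port, transfers, ip="10.1.1.20"):
    """Constructed control-channel lines: one PORT per file, with the
    client's data port incrementing by one each transfer."""
    lines = []
    for i in range(transfers):
        p = first_port + i
        lines.append("PORT %s,%d,%d" % (ip.replace(".", ","), p // 256, p % 256))
        lines.append("STOR file%04d.dat" % i)
    return lines

if __name__ == "__main__":
    for idx, port, svc in find_conflicts(sample_session(1420, 120)):
        print("transfer %d: data port %d collides with service %s" % (idx, port, svc))
```

Matching the flagged port numbers against the port shown in the firewall's reject log entries confirms or rules out this cause.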


   All contents © 2004 Network Presence, LLC. All rights reserved.