
Re: [FW-1] ftp data blocking problem



This is a known problem with some ftp servers because they do not send a n/l
character at the end of the port command.  The firewall in turn, expecting
such a character, will just hang there waiting for it.  You need to modify
the fwui_head.def on the management station and do a search for
ENFORCE_NEW_LINE (or something to those effects) and comment that line out
by adding a // to the beginning of the line.  This should resolve it.  If
this isn't the case then you need to look at a couple of things.  What port
does the server attempt to talk back on and is it trying to use a port that
is a pre-defined service (firewall really dislikes this one).

Just someplace to start.

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of
Emmons, Tim
Sent: Wednesday, October 10, 2001 6:35 PM
To: [email protected]
Subject: [FW-1] ftp data blocking problem


Hi All,

I too have a problem with ftp.
Mine is somewhat different than I have seen here on the list so here goes:

When a user tries to ftp from an area behind the firewall to the internet,
the user makes the initial connection, logs in and all is well.
As soon as the user tries to do a listing of the remote directory, however,
the connection "hangs"

Connected to ftp.sun.com.
220-Welcome to Sun Microsystems Corporate FTP Server.
220-
220 ftp FTP server (ftpd Wed Oct 30 23:31:06 PST 1996) ready.
Name (ftp.sun.com:root anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230 Guest login ok, access restrictions apply.
ftp> dir
200 PORT command successful.

" Hangs here  "

The session times out (if you have the patience of Job) or control c to get
out.

The fw log indicates that the ftp session is accepted. Then curiously, the
next log entry is a "drop" entry with the source and destination reversed
as if it was a new connection.

Remedies:

I have tried to delete the ftp object from all rules and then delete the ftp
object from the database and re-create it as the FAQs on Checkpoint's site
indicate.

This does NOT WORK for me.

Question: has anyone else solved this issue?

P.S. the Services tab on the Admin Gui has both
Enable FTP Port Data Connections and Enable FTP PASV Connections boxes
checked
FW Ver is 4.0 VPN+DES+Strong SP8





Tim Emmons
[email protected]
Lockheed Martin Systems Integration - Owego
1801 Route 17C
Owego, NY 13827


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
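
Added example, not part of the original thread: a small Python check for the two things the reply above says to look at, whether a captured PORT command ends in a newline and whether the data port it announces collides with a pre-defined service. The payloads are constructed samples, the h1,h2,h3,h4,p1,p2 layout (port = p1*256 + p2) is the RFC 959 PORT argument, and PREDEFINED_SERVICES is a hypothetical stand-in for the firewall's own service list.

```python
import re

# Hypothetical stand-in for the firewall's pre-defined services (assumption).
PREDEFINED_SERVICES = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 6000: "X11"}

# RFC 959: PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(rb"^PORT[ \t]+" + rb",".join([rb"(\d{1,3})"] * 6), re.IGNORECASE)

def inspect_port_segment(payload: bytes):
    """Return findings for one control-channel payload, or None if it is not PORT."""
    m = PORT_RE.match(payload)
    if m is None:
        return None
    fields = [int(g) for g in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("PORT field outside 0-255")
    h1, h2, h3, h4, p1, p2 = fields
    port = p1 * 256 + p2
    rest = payload[m.end():]          # whatever follows the last digit
    return {
        "ip": f"{h1}.{h2}.{h3}.{h4}",
        "port": port,
        "newline_terminated": rest in (b"\r\n", b"\n"),
        "predefined_service": PREDEFINED_SERVICES.get(port),
    }

def report(payloads):
    """Summarise each PORT command found in a list of payloads."""
    lines = []
    for p in payloads:
        r = inspect_port_segment(p)
        if r is None:
            continue
        notes = []
        if not r["newline_terminated"]:
            notes.append("no newline after PORT argument")
        if r["predefined_service"]:
            notes.append(f"data port matches service {r['predefined_service']}")
        lines.append(f"{r['ip']}:{r['port']} " + ("; ".join(notes) or "ok"))
    return lines

# Constructed sample payloads (not taken from the thread).
SAMPLES = [
    b"PORT 10,1,1,20,4,210\r\n",   # well-formed, port 1234
    b"PORT 10,1,1,20,4,211",       # missing terminating newline
    b"PORT 10,1,1,20,23,112\r\n",  # port 6000, collides with X11
    b"LIST\r\n",                   # not a PORT command
]

if __name__ == "__main__":
    print("\n".join(report(SAMPLES)))
```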

   All contents © 2004 Network Presence, LLC. All rights reserved.