[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] ftp data blocking problem
This sounds exactly like an Active/Passive FTP problem. A good detailed explanation of the problem can be found on http://www.slacksite.com/other/ftp.html -JRM -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[email protected]]On Behalf Of Emmons, Tim Sent: Wednesday, October 10, 2001 6:35 PM To: [email protected] Subject: [FW-1] ftp data blocking problem Hi All, I too have a problem with ftp. Mine is somewhat different than I have seen here on the list so here goes: When a user tries to ftp from an area behind the firewall to the internet, the user makes the initial connection, logs in and all is well. As soon as the user tries to do a listing of the remote directory, however, the connection "hangs" Connected to ftp.sun.com. 220-Welcome to Sun Microsystems Corporate FTP Server. 220- 220 ftp FTP server (ftpd Wed Oct 30 23:31:06 PST 1996) ready. Name (ftp.sun.com:root anonymous 331 Guest login ok, send your complete e-mail address as password. Password: 230 Guest login ok, access restrictions apply. ftp> dir 200 PORT command successful. " Hangs here " The session times out (if you have the patience of Job) or control c to get out. The fw log indicates that the ftp session is accepted. Then curiously, the next log entry is a "drop" entry with the source and destination reversed as if it was a new connection. Remedies: I have tried to delete the ftp object from all rules and then delete the ftp object from the database and re-create it as the FAQ's on Checkpoints site indicate. This does NOT WORK for me. Question: has anyone else solved this issue? P.S. the Services tab on the Admin Gui has both Enable FTP Port Data Connections and Enable FTP PASV Connections boxes checked FW Ver is 4.0 VPN+DES+Strong SP8 Tim Emmons [email protected] Lockheed Martin Systems Integration - Owego 1801 Route 17C Owego, NY 13827 ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|