Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Connection reset after login to FTP server?

To: [email protected]
Subject: Re: [FW-1] Connection reset after login to FTP server?
From: Juan Concepcion <[email protected]>
Date: Fri, 4 Jan 2002 09:51:35 +0800
Comments: To: "Scheidel, Greg (Contractor)" <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Could also be the fact that the firewall, by default, expect an end of line response from the ftp server, when it doesn't get one then it just hangs for a very long time until the connection eventually times out.  There is a modification to the base.def which is to comment out the line "ENFORCE_NEW_LINE" by adding a // to the front of it.  This change is made on the management station and then push a policy down to the modules.  I believe this should resolve your issue.

-----Original Message-----
From: "Scheidel, Greg (Contractor)" <[email protected]>
Date:         Wed, 2 Jan 2002 16:17:06 -0500
To: [email protected]
Subject:      Re: [FW-1] Connection reset after login to FTP server?


> Kevin Martin:
> > Some ftp servers want to know who you are coming
> > in (name resolution).  If they can't do a reverse
> > lookup on your ip address they may send an ident
> > request.  When this fails, they drop the connection.
> > This is what I suspect is happening to your connection.
>
> Assuming you manage your own SOA...
>
> Check your logs for DNS & ident queries from the FTP server.  Check your DNS
> server logs for reverse lookups against the client's IP address (or against
> the IP address that the client is seen as by the FTP server, if you're doing
> any NATing).
>
> If this turns out to be the case, consider putting up an rwall service so
> that reverse lookups for internal user IP addresses are given a generic
> response.  Info on one such service at http://cr.yp.to/djbdns/walldns.html.
>
> Greg S.
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>

--

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] NG - UNACCEPTABLE!!! Re: WAS Is NG ready for general use ?
Next by Date: Re: [FW-1] NG - UNACCEPTABLE!!! Re: WAS Is NG ready for general use ?
Previous by thread: Re: [FW-1] Connection reset after login to FTP server?
Next by thread: Re: [FW-1] Need Software for CP Realsecure 3.2
Index(es):
- Date
- Thread