Simer Mayo wrote:
> 
> The users are on the inside interface behind the PIX firewall and are trying
> to make a pftp connection to the outside world. They are being authenticated
> from the outside server but then the section hangs trying to do a list
> command. The fixup protocol port 21 is enabled on PIX and there is no explicit
> outbound restriction from the inside interface. The outside server is using
> port range 40000-40020 for passive FTP. I tried enabling this range on the
> fixup protocol too but it didn't work.
> 
> Please advise
> 
> Thanks much
> 
> SM
> 
> 
FTP is notorious for causing problems on networks with firewalls. I have
actually run into cases where it simply would not work due to unconfigurable
applications and a combination of network and personal firewalls.

FTP is also problematic on networks with NAT because the IP address appears
in the PORT command (when active is used) and in the server's reply to the
client's PASV command (when passive is used).

So, I wrote a white paper on FTP (finally, I've been meaning to do this for
a while.) It is available from this page:

http://www.troubleshootingnetworks.com/resources.html

Hope it helps! 

Priscilla

P.S. By the way, as the paper mentions, if your use for FTP is limited to
updating Web pages, there is an alternative: a new protocol called Web-based
Distributed Authoring and Versioning (WebDAV). WebDAV is a set of extensions
to the Hypertext Transfer Protocol (HTTP) to allow users to collaboratively
edit and manage files on remote Web servers. See RFC 2518 for more
information.



Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=48444&t=48357
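
The reply above notes that an IP address travels inside the PORT command and inside the server's reply to PASV. The following is an added example, not part of the original post or of the white paper it links to: it decodes that embedded address and port and compares them with the peer address seen on the control connection, which is the mismatch that appears when NAT sits in the path. The function names, finding labels and sample addresses are constructed for illustration; the 40000-40020 range is the one from the question.

```python
import ipaddress
import re

# h1,h2,h3,h4,p1,p2 as carried in PORT commands and 227 (PASV) replies (RFC 959)
HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_hostport(line):
    """Return (ip, port) embedded in a PORT command or 227 reply, else None."""
    words = line.split(None, 1)
    if not words or words[0].upper() not in ("PORT", "227"):
        return None
    m = HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]   # port = p1 * 256 + p2

def check_data_endpoint(line, control_peer, allowed_ports=None):
    """Compare the advertised data endpoint with the control-connection peer.

    control_peer is the address the observer sees at the other end of the
    control connection (the server for a 227 reply, the client for PORT).
    """
    parsed = parse_hostport(line)
    if parsed is None:
        return None
    ip, port = parsed
    findings = []
    if ip != ipaddress.ip_address(control_peer):
        findings.append("address-mismatch")        # nothing rewrote the payload
    if any(ip in net for net in RFC1918):
        findings.append("rfc1918-address-advertised")
    if allowed_ports is not None and port not in allowed_ports:
        findings.append("port-outside-range")
    return {"ip": str(ip), "port": port, "findings": findings}

if __name__ == "__main__":
    passive_range = range(40000, 40021)            # range from the question
    # Constructed sample: server reached at 203.0.113.10 advertises its inside address
    print(check_data_endpoint("227 Entering Passive Mode (10,1,1,5,156,74).",
                              "203.0.113.10", passive_range))
    # Constructed sample: client seen as 198.51.100.7 sends its inside address
    print(check_data_endpoint("PORT 192,168,1,20,4,1", "198.51.100.7"))
```

An empty `findings` list means the advertised endpoint matches the control connection and, when a range is supplied, falls inside it.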