If PASV is on in policy properties, turn it off.
This works the opposite of what it reads.
If I'm not mistaken, Compaq is PASV only.
Robert
--
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
Gordon Food Service
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> [EMAIL PROTECTED] 8/17/00 4:49:27 PM >>>
>
>Hello!
>
> I'm getting a weird problem whilst trying to connect from an
>internal NATed machine to an external FTP server. FYI, I'm using 4.1 SP2
>on Nokia IP440 and the usual stuff is checked (allowing the connection,
>allowing passive/active connections, etc...)
>
> FTPing works with some servers and doesn't with others. For example,
>this is a tcpdump of the one which works (it stops at the login prompt):
>
>20:34:35.443218 a.b.c.d.10130 > 147.83.2.29.21: S 157350:157350(0) win
>8192 <mss 1460> (DF)
>20:34:35.503627 147.83.2.29.21 > a.b.c.d.10130: S 2774149207:2774149207(0)
>ack 157351 win 8760 <mss 1460> (DF)
>20:34:35.503880 a.b.c.d.10130 > 147.83.2.29.21: . ack 1 win 0
>20:34:35.504961 a.b.c.d.10130 > 147.83.2.29.21: . ack 1 win 8760 (DF)
>20:34:35.578264 147.83.2.29.21 > a.b.c.d.10130: P 1:13(12) ack 1 win 8760
>(DF) [tos 0x10]
>20:34:35.766971 a.b.c.d.10130 > 147.83.2.29.21: . ack 13 win 8748 (DF)
>20:34:35.824443 147.83.2.29.21 > a.b.c.d.10130: P 13:164(151) ack 1 win
>8760 (DF) [tos 0x10]
>20:34:35.985845 a.b.c.d.10130 > 147.83.2.29.21: . ack 164 win 8597 (DF)
>
> a.b.c.d is my machine.
>
> As you can see everything here is fine. However, when I try to ftp
>to ftp.compaq.com I get:
>
>19:42:45.512310 a.b.c.d.21160 > 161.114.19.247.21: S 27722:27722(0) win
>8192 <mss 1460> (DF)
>19:42:45.695944 161.114.19.247.21 > a.b.c.d.21160: S
>1352086744:1352086744(0) ack 27723 win 8280 <mss 1380> (DF)
>19:42:45.696144 a.b.c.d.21160 > 161.114.19.247.21: . ack 1 win 0
>19:42:45.697217 a.b.c.d.21160 > 161.114.19.247.21: . ack 1 win 8280 (DF)
>19:42:45.884541 161.114.19.247.21 > a.b.c.d.21160: P 1:5(4) ack 1 win 8280
>(DF)
>19:42:45.884713 a.b.c.d.21160 > 161.114.19.247.21: R 27723:27723(0) win 0
>(DF)
>
> As you see, everything's the same until the last step when the
>FW-1 sends a TCP reset to ftp.compaq.com!
>
> I've checked that I'm not using the latest FTP enhancements (the
>SP2-specific ones, and they're not enabled), all the FTP bugfixes in the
>Nokia knowledge base that I can find, and nothing's helped me.
>
> Any kind of ideas on what's going on and how to solve it would be
>greatly appreciated.
>
> Thanks!
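Added example, not part of the original messages: a small Python parser for the old-style tcpdump lines quoted above that reports which address the reset came from and the size of the last data segment seen before it. The trace is the second capture from the quoted message with wrapped lines rejoined; the function names are assumptions made for this example.

```python
import re

# Second capture from the quoted message (ftp.compaq.com), wrapped lines rejoined.
FAILING_TRACE = """\
19:42:45.512310 a.b.c.d.21160 > 161.114.19.247.21: S 27722:27722(0) win 8192 <mss 1460> (DF)
19:42:45.695944 161.114.19.247.21 > a.b.c.d.21160: S 1352086744:1352086744(0) ack 27723 win 8280 <mss 1380> (DF)
19:42:45.696144 a.b.c.d.21160 > 161.114.19.247.21: . ack 1 win 0
19:42:45.697217 a.b.c.d.21160 > 161.114.19.247.21: . ack 1 win 8280 (DF)
19:42:45.884541 161.114.19.247.21 > a.b.c.d.21160: P 1:5(4) ack 1 win 8280 (DF)
19:42:45.884713 a.b.c.d.21160 > 161.114.19.247.21: R 27723:27723(0) win 0 (DF)
"""

# timestamp, "src > dst:", flag letters, optional "first:last(len)" sequence field
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) (?P<src>\S+) > (?P<dst>\S+): "
    r"(?P<flags>[SFPRUW.]+)(?: \d+:\d+\((?P<len>\d+)\))?"
)


def parse_trace(text):
    """Turn tcpdump text into a list of packet dicts; non-packet lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        packets.append({
            "ts": m["ts"], "src": m["src"], "dst": m["dst"],
            "flags": m["flags"], "len": int(m["len"] or 0),
        })
    return packets


def describe_reset(packets):
    """Return the first RST's endpoints and the last data segment before it, or None."""
    last_data = None
    for p in packets:
        if "R" in p["flags"]:
            return {"rst_from": p["src"], "rst_to": p["dst"], "rst_ts": p["ts"],
                    "last_data_from": last_data["src"] if last_data else None,
                    "last_data_len": last_data["len"] if last_data else 0}
        if p["len"] > 0:
            last_data = p  # remember the most recent segment carrying payload
    return None


if __name__ == "__main__":
    print(describe_reset(parse_trace(FAILING_TRACE)))
```

The trace shows only the reset's source address; it does not by itself show which device generated the packet, so a capture on each side of the firewall is needed to settle that.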