I'm not offended. But CP seemed to have changed
the behavior of the PASV checkbox in policy
properties between SP's/versions. I'm not sure where
it happened, but if you look through the archives, you'll
find that some have it one way(on w/older ver/SP's) and
others are required to uncheck(newer ver/SP's)
For me, I have to have it off, or PASV doesn't work.
Robert
>>> Tucker, Greg <[EMAIL PROTECTED]> 8/17/00 5:50:46 PM >>>
>Please don't be offended by this.
>
>You might want to research this further.
>I've found that checking the PASV box is required to allow passive ftp.
>
>I have run traces that indicate that unchecking the box disallows PASV.
>
>I resolved the reset problem with compaq by applying the change found at
>http://www.checkpoint.com/techsupport/alerts/pasvftp.html
>
>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of
>Robert MacDonald
>Sent: Thursday, August 17, 2000 4:00 PM
>To: [EMAIL PROTECTED];
>[EMAIL PROTECTED]; [EMAIL PROTECTED];
>[EMAIL PROTECTED]
>Subject: Re: [FW1] ftp connection reset
>
>If PASV is on in policy properties, turn it off.
>This works the opposite of what it reads.
>
>If I'm not mistaken, Compaq is PASV only.
>
>Robert
>
>- -
>Robert P. MacDonald, Network Engineer
>e-Business Infrastructure
>G o r d o n F o o d S e r v i c e
>Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>
>>>> [EMAIL PROTECTED] 8/17/00 4:49:27 PM >>>
>>
>>Hello!
>>
>> I'm getting a weird problem whilst trying to connect from an
>>internal nated machine to an external ftp server. FYI, I'm using 4.1 SP2
>>on Nokia IP440 and the usual stuff is checked (allowing the connection,
>>allowing passive/active connections, etc...)
>>
>> Ftping works with some servers and don't with others. For example,
>>this a tcpdump of the one which works (it stops at the login prompt):
>>
>>20:34:35.443218 a.b.c.d.10130 > 147.83.2.29.21: S 157350:157350(0) win
>>8192 <mss 1460> (DF)
>>20:34:35.503627 147.83.2.29.21 > a.b.c.d.10130: S 2774149207:2774149207(0)
>>ack 157351 win 8760 <mss 1460> (DF)
>>20:34:35.503880 a.b.c.d.10130 > 147.83.2.29.21: . ack 1 win 0
>>20:34:35.504961 a.b.c.d.10130 > 147.83.2.29.21: . ack 1 win 8760 (DF)
>>20:34:35.578264 147.83.2.29.21 > a.b.c.d.10130: P 1:13(12) ack 1 win 8760
>>(DF) [tos 0x10]
>>20:34:35.766971 a.b.c.d.10130 > 147.83.2.29.21: . ack 13 win 8748 (DF)
>>20:34:35.824443 147.83.2.29.21 > a.b.c.d.10130: P 13:164(151) ack 1 win
>>8760 (DF) [tos 0x10]
>>20:34:35.985845 a.b.c.d.10130 > 147.83.2.29.21: . ack 164 win 8597 (DF)
>>
>> a.b.c.d is my machine.
>>
>> As you can see everything here is fine. However, when I try to ftp
>>to ftp.compaq.com I get:
>>
>>19:42:45.512310 a.b.c.d.21160 > 161.114.19.247.21: S 27722:27722(0) win
>>8192 <mss 1460> (DF)
>>19:42:45.695944 161.114.19.247.21 > a.b.c.d.21160: S
>>1352086744:1352086744(0) ack 27723 win 8280 <mss 1380> (DF)
>>19:42:45.696144 a.b.c.d.21160 > 161.114.19.247.21: . ack 1 win 0
>>19:42:45.697217 a.b.c.d.21160 > 161.114.19.247.21: . ack 1 win 8280 (DF)
>>19:42:45.884541 161.114.19.247.21 > a.b.c.d.21160: P 1:5(4) ack 1 win 8280
>>(DF)
>>19:42:45.884713 a.b.c.d.21160 > 161.114.19.247.21: R 27723:27723(0) win 0
>>(DF)
>>
>> As you see, everything's the same until the last step when the
>>FW-1 sends a TCP reset to ftp.compaq.com!
>>
>> I've checked that I'm not using the latest ftp enhancements (the
>>SP2 specficic ones and they're not enabled), all the ftp bugfixes in the
>>Nokia knowledge base that I can find and nothing's helped me.
>>
>> Any kind of ideas on what's going on and how to solve it would be
>>greatly appreciated.
>>
>> Thanks!
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
