Re: [FW-1] ftp connection to rs.internic.net

Tue, 03 Feb 2004 15:00:00 -0800

see inline ....

Crist Clark wrote:
Joe wrote:

Russell Aspinwall wrote:

Good Morning,

When Attempting to establish an ftp connection to rs.internic.net,
from behind a NG-AI R54.

Checking the logs, the first connection is fine

ftp-pasv server 198.41.0.6

The second connection is

ftp-pasv   server   198.41.0.6  blocked - message_info: Port command
ended without a new line

Does this have to be forwarded to internic.net? 

 > Hi Russel,
 >
 > look at Solution sk22632 in the Check Point SecureKnowledgeBase.
 > You will find the solution there....

I can reproduce Russel's original problem. Doing a packet dump of the
traffic, I do not see anything glaringly wrong or non-compliant from the
InterNIC's FTP server.

Joe, I can't seem to find 22632 at Checkpoint's SecureKnowledge. How do
you look up an article by number?


log in to the SecureKnowledgeBase - you need an account with access to
the advanced Database. The public Database won't bring you the result...
After login go to the "Advanced Search" an type "sk22632" (without
quotas) in the "Include all of the words" field....
This will result in one hit.

HTH,

Joe

I think this is another manifestation of a Checkpoint bug that I've seen
before. FW-1 demands that the data in each TCP segment end with a \r\n
sequence. That's bogus. Yes, each line in the FTP conversation must end
with a \r\n, but there is no reason that a line cannot be broken across
two or more TCP segments. The FTP clients and servers, who only see the
reassembled stream, don't care how segments are broken up, why should
the firewall?
--
Crist J. Clark                               [EMAIL PROTECTED]
Globalstar Communications                                (408) 933-4387

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================



=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to