Re: [FW-1] ftp connection to rs.internic.net

Wed, 04 Feb 2004 00:20:20 -0800

Hi,

Search for base.def and comment out the line

#DEFINE FTP_ENFORCE_NL

Reinstall policy

My question is why do other sites work perfectly well and rs.internic.net does not?


Crist Clark wrote:
Joe wrote:

Russell Aspinwall wrote:

Good Morning,

When Attempting to establish an ftp connection to rs.internic.net,
from behind a NG-AI R54.

Checking the logs, the first connection is fine

ftp-pasv server 198.41.0.6

The second connection is

ftp-pasv   server   198.41.0.6  blocked - message_info: Port command
ended without a new line

Does this have to be forwarded to internic.net? 

 > Hi Russel,
 >
 > look at Solution sk22632 in the Check Point SecureKnowledgeBase.
 > You will find the solution there....

I can reproduce Russel's original problem. Doing a packet dump of the
traffic, I do not see anything glaringly wrong or non-compliant from the
InterNIC's FTP server.

Joe, I can't seem to find 22632 at Checkpoint's SecureKnowledge. How do
you look up an article by number?

I think this is another manifestation of a Checkpoint bug that I've seen
before. FW-1 demands that the data in each TCP segment end with a \r\n
sequence. That's bogus. Yes, each line in the FTP conversation must end
with a \r\n, but there is no reason that a line cannot be broken across
two or more TCP segments. The FTP clients and servers, who only see the
reassembled stream, don't care how segments are broken up, why should
the firewall?
--
Crist J. Clark                               [EMAIL PROTECTED]
Globalstar Communications                                (408) 933-4387

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================



--

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to