Sorry, The packet which is droped is not the packet which cotains the PORT commande. The packet droped is the Syn which comes from the ftp server to the client (ftp-data).
-- Sebastien Cantos <[EMAIL PROTECTED]> Network / System Manager Neopost DIVA > -----Message d'origine----- > De : Mailing list for discussion of Firewall-1 > [mailto:[EMAIL PROTECTED] De la > part de S�bastien Cantos > Envoy� : mardi 17 mai 2005 17:30 > � : [email protected] > Objet : [FW-1] FW1 and BIGIP problem > > Hi, > > I'm running NG FP3 and Cluster XL (multicast mode) on Linux > platform. I've > something setup like this : > > WAN NET1 NET2 > --- FW --- BIGIP (load balancer) --- FTPD > > I've a problem with active FTP. When a client connects and do a PORT > command, it is silently droped by the firewalls (one time every 2 > connexions). I see the FTPD sending the Syn, nating this Syn. > Then the Syn > comes to the lan interface of the firewall but never reaches the Wan > interface of the firewall. > > Clients are connecting to an ip in routed to the firewall then nated. > For example : > 1/ client connects to 10.10.10.1 (Static nat on the firewall) > 2/ Firewall do Destination NAT and send packets to a VIP on the BIGIP > (192.168.20.10) > 3/ Bigip do Destination NAT and join the FTPD (192.168.21.10) > > I don't understand why the firewall is droping the ftp-data syn. > Is there a way to look at this on the firewalls ? I did > notice nothins on > smartview tracker .... > > Thanks in advance for your answers. > > > Best regards, > -- > Sebastien Cantos <[EMAIL PROTECTED]> > Network / System Manager > Neopost DIVA > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
