Re: [FW1] FTP can't connect to certain servers.

Robert MacDonald Fri, 23 Jun 2000 11:47:58 -0700

Tim,

I bet you have a long pause between the 200/425
messages.

PASV does not work on Windows boxes. Here is
what a 'normal' NT command line FTP does on
Oracles site(snoop from outside fw)

stayout-nic -> 206.204.55.43 FTP C port=22749
206.204.55.43 -> stayout-nic   FTP R port=22749
  stayout-nic -> 206.204.55.43 FTP C port=22749
206.204.55.43 -> stayout-nic   FTP R port=22749 220-Hello, Welcome t
  stayout-nic -> 206.204.55.43 FTP C port=22749
206.204.55.43 -> stayout-nic   FTP R port=22749 220-\r\n220-\r\n220 web5
  stayout-nic -> 206.204.55.43 FTP C port=22749
  stayout-nic -> 206.204.55.43 FTP C port=22749 USER anonymous\r\n
206.204.55.43 -> stayout-nic   FTP R port=22749
206.204.55.43 -> stayout-nic   FTP R port=22749 331 Guest login ok,
  stayout-nic -> 206.204.55.43 FTP C port=22749
  stayout-nic -> 206.204.55.43 FTP C port=22749 PASS [EMAIL PROTECTED]
206.204.55.43 -> stayout-nic   FTP R port=22749 230 Anonymous login
  stayout-nic -> 206.204.55.43 FTP C port=22749
  stayout-nic -> 206.204.55.43 FTP C port=22749 PORT 208,240,15,3,89
206.204.55.43 -> stayout-nic   FTP R port=22749 200 PORT command suc
  stayout-nic -> 206.204.55.43 FTP C port=22749 NLST\r\n
206.204.55.43 -> stayout-nic   FTP R port=22749
206.204.55.43 -> stayout-nic   FTP R port=22749 425 Can't build data
  stayout-nic -> 206.204.55.43 FTP C port=22749

But notice the difference when I ask IE to do this
with ftp://ftp.oracle.com

stayout-nic -> 206.204.55.43 FTP C port=23676
206.204.55.43 -> stayout-nic   FTP R port=23676
  stayout-nic -> 206.204.55.43 FTP C port=23676
206.204.55.43 -> stayout-nic   FTP R port=23676 220-Hello, Welcome t
  stayout-nic -> 206.204.55.43 FTP C port=23676
206.204.55.43 -> stayout-nic   FTP R port=23676 220-\r\n220-\r\n220 web5
  stayout-nic -> 206.204.55.43 FTP C port=23676 USER anonymous\r\n
206.204.55.43 -> stayout-nic   FTP R port=23676
206.204.55.43 -> stayout-nic   FTP R port=23676 331 Guest login ok,
  stayout-nic -> 206.204.55.43 FTP C port=23676 PASS IEUser@\r\n
206.204.55.43 -> stayout-nic   FTP R port=23676 230 Anonymous login
  stayout-nic -> 206.204.55.43 FTP C port=23676 CWD /\r\n
206.204.55.43 -> stayout-nic   FTP R port=23676 250 CWD command succ
  stayout-nic -> 206.204.55.43 FTP C port=23676 TYPE A\r\n
206.204.55.43 -> stayout-nic   FTP R port=23676 200 Type set to A.\r\n
  stayout-nic -> 206.204.55.43 FTP C port=23676 PASV\r\n
206.204.55.43 -> stayout-nic   FTP R port=23676 227 Entering Passive
  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693 Syn Seq=621723 Len=0 Win=8192
206.204.55.43 -> stayout-nic   TCP D=23693 S=45609 Rst Ack=621724 Win=0
  stayout-nic -> 206.204.55.43 FTP C port=23676
  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693 Syn Seq=621723 Len=0 Win=8192
206.204.55.43 -> stayout-nic   TCP D=23693 S=45609 Rst Ack=621724 Win=0
  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693 Syn Seq=621723 Len=0 Win=8192
206.204.55.43 -> stayout-nic   TCP D=23693 S=45609 Syn Ack=621724 Seq=760474867 Len=0 
Win=6
4240
  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693     Ack=760474868 Seq=621724 Len=0 
Win=8
760
  stayout-nic -> 206.204.55.43 FTP C port=23676 LIST\r\n
206.204.55.43 -> stayout-nic   FTP R port=23676 150 Opening ASCII mo
206.204.55.43 -> stayout-nic   TCP D=23693 S=45609     Ack=621724 Seq=760474868 
Len=256 Win
=64240
206.204.55.43 -> stayout-nic   TCP D=23693 S=45609 Fin Ack=621724 Seq=760475124 Len=0 
Win=6
4240
  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693     Ack=760475125 Seq=621724 Len=0 
Win=8
504
  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693 Fin Ack=760475125 Seq=621724 Len=0 
Win=8
504
206.204.55.43 -> stayout-nic   TCP D=23693 S=45609     Ack=621725 Seq=760475125 Len=0 
Win=6
4240
  stayout-nic -> 206.204.55.43 FTP C port=23676
206.204.55.43 -> stayout-nic   FTP R port=23676 226 Transfer complet
  stayout-nic -> 206.204.55.43 FTP C port=23676

As for the others, they are not in passive mode.

HTH.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> Chilton Tim <[EMAIL PROTECTED]> 6/23/00 10:59:49 AM >>>
>
>I have a minor problem with FTP to certain sites, goes a little like this.
>
>ftp to ftp.compaq.com -- all OK, works via NT command line, WS_FTP, IE5 etc,
>this is the situation for *most* sites
>
>Certain sites like ftp.oracle.com don't work -- I can connect and log in (as
>anonymous), get the welcome message but an "LS" command generates the
>following
>
>200 PORT command successful.
>425 Can't build data connection: No such file or directory.
>
>I also know it is firewall related since a workstation outside the firewall
>can connect properly.
>
>Firewall config is NT, FW1 4.1 and a CVP for FTP amongst other things.
>
>Anyone come across this - and for the high-score a solution to it :-> 
>
>Tim



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
Re: [FW1] FTP can't connect to certain servers.

Reply via email to
