Do you see anything in the logs? Are all your rules
logging?
If you don't have that many objects/users to
define, maybe just rebuild using new version.
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Joaquim Eudes Mendes Gomide <[EMAIL PROTECTED]> 6/27/00 5:59:03 PM >>>
>
>Robert,
>
>That s the problem. The log says nothing about the connection.
>Has FW-1 anything against MS? ;)) just kidding, there are another sites
>I can t FTP and there are others I can.
>
>Joaquim Gomide
>
>Joaquim,
>
>What does the log say about the 'Entering Passive'
>mode. Does it get dropped/rejected?
>
>Robert
>
>>>> Joaquim Eudes Mendes Gomide <[EMAIL PROTECTED]> 6/27/00 2:30:42 PM >>>
>>
>>Aylton
>>Checked. I can ftp to some sites like ftp.redhat.com, but another sites,
>>I can t.
>>
>>This snoop is a FTP to ftp.redhat.com,
>>
>>Internal Interface
>>208.178.165.228 -> MyMachine FTP R port=31745 257 "/pub" is curren
>>MyMachine -> 208.178.165.228 FTP C port=31745 PASV\r\n
>>208.178.165.228 -> MyMachine FTP R port=31745 227 Entering Passive
>>
>>External Interface
>>MyMachine -> 208.178.165.228 FTP C port=1271 PASV\r\n
>>208.178.165.228 -> MyMachine FTP R port=1271 227 Entering Passive
>>MyMachine -> 208.178.165.228 FTP C port=1271 TYPE A\r\n
>>Everything is OK
>>----------------------------------------------------------------------------------
>>
>>This snoop is a FTP to ftp.microsoft.com
>>Internal Interface
>>207.46.133.140 -> MyMachine FTP R port=3285 215 Windows2000\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285 PWD\r\n
>>207.46.133.140 -> MyMachine FTP R port=3285 257 "/" is current d
>>MyMachine-> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine-> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285
>>207.46.133.140 -> MyMachine FTP R port=3285
>>
>>External Interface
>>207.46.133.140 -> MyMachine FTP R port=33664 215 Windows2000\r\n
>>MyMachine -> 207.46.133.140 FTP C port=33664 PWD\r\n
>>207.46.133.140 -> MyMachine FTP R port=33664 257 "/" is current d
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>207.46.133.140 -> MyMachine FTP R port=33664 227 Entering
>>Passive <=====
>>MyMachine -> 207.46.133.140 FTP C port=33664
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=34224
>>207.46.133.140 -> MyMachine FTP R port=34224
>>
>>At the external interface we can see the PASV response at the 5th line,
>>but there is no response at the internal interface, so it tries again
>>and again and disconnect. Why? Why RedHat works and MS does not?
>>
>>Any other Tips
>>
>>Thanks
>>
>>Joaquim Gomide
>>
>>Joaquim,
>>
>>I think I have a tip for you.
>>
>>After v4.0 SP3 or 4 (I don't remember, maybe someone in the list can
>>remember) CP stopped its support for some FTP servers that use non
>>default
>>high ports. It caused some discomfort in some cases I've worked on, but
>>I'm
>>not sure if this is your problem.
>>
>>Check if your PASV option from the GUI, just to be sure.
>>
>>Best wishes,
>>
>>Aylton
>>
>>
>>-----Mensagem original-----
>>De: Joaquim Eudes Mendes Gomide <[EMAIL PROTECTED]>
>>Para: fw-list <[EMAIL PROTECTED]>
>>Data: Ter�a-feira, 27 de Junho de 2000 10:08
>>Assunto: Re: [FW1] FTP can't connect to certain servers.
>>
>>
>>>
>>>Hi Aylton,
>>>It s fw-1 V4.0 Build 4156 on Solaris (Sparc). It s stopped after
>>>upgrading from 3.0b.
>>>
>>>Joaquim Gomide
>>>
>>>
>>>Hm.. WHat's your plattaform, version and patch level?
>>>
>>>I thing I may have a tip.
>>>
>>>It never worked or it stopped working after a given event (Ex: patch,
>>>upgrade, change)
>>>
>>>best wishes
>>>
>>>Aylton
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
