I had something odd happen as well. My PASV transfers used to work
fine... one day they stopped. When I enabled Accept FTP PASV connections,
then they were not working from inside the firewall. When I disabled that
radio button, then they worked properly. It was almost as if it was working
backwards. I'm not sure if that's the way it's supposed to... it seems
unlikely.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 11, 2000 2:01 PM
To: Robert MacDonald
Cc: [EMAIL PROTECTED];
[EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: Re: [FW1] FTP can't connect to certain servers.
Hey guys,
I have been experiencing this same problem after installing SP6. We have NT
4.0 SP4 running FW 4.0. Checkpoint recommended disabling PASV FTP Data
Connections: Policy>>>Properties>>>Services>>>Enable FTP PASV Data
Connections. Disabling this option corrected my problem and so far has not
broken PASV FTP. I am going to continue to monitor.
Regards,
Jeff Knecht
Network Engineer
Springs Industries
[EMAIL PROTECTED]
"Robert MacDonald" <[EMAIL PROTECTED]>
Sent by: [EMAIL PROTECTED]
07/11/2000 11:28 AM
To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
cc:
Subject: Re: [FW1] FTP can't connect to certain servers.
Do you see anything in the logs? Are all your rules
logging?
If you don't have that many objects/users to
define, maybe just rebuild using new version.
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Joaquim Eudes Mendes Gomide <[EMAIL PROTECTED]> 6/27/00 5:59:03 PM >>>
>
>Robert,
>
>That's the problem. The log says nothing about the connection.
>Has FW-1 anything against MS? ;)) just kidding, there are other sites
>I can't FTP and there are others I can.
>
>Joaquim Gomide
>
>Joaquim,
>
>What does the log say about the 'Entering Passive'
>mode. Does it get dropped/rejected?
>
>Robert
>
>>>> Joaquim Eudes Mendes Gomide <[EMAIL PROTECTED]> 6/27/00 2:30:42 PM >>>
>>
>>Aylton
>>Checked. I can ftp to some sites like ftp.redhat.com, but other sites
>>I can't.
>>
>>This snoop is an FTP to ftp.redhat.com,
>>
>>Internal Interface
>>208.178.165.228 -> MyMachine FTP R port=31745 257 "/pub" is curren
>>MyMachine -> 208.178.165.228 FTP C port=31745 PASV\r\n
>>208.178.165.228 -> MyMachine FTP R port=31745 227 Entering Passive
>>
>>External Interface
>>MyMachine -> 208.178.165.228 FTP C port=1271 PASV\r\n
>>208.178.165.228 -> MyMachine FTP R port=1271 227 Entering Passive
>>MyMachine -> 208.178.165.228 FTP C port=1271 TYPE A\r\n
>>Everything is OK
>>
>>----------------------------------------------------------------------------
>>
>>This snoop is an FTP to ftp.microsoft.com
>>Internal Interface
>>207.46.133.140 -> MyMachine FTP R port=3285 215 Windows2000\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285 PWD\r\n
>>207.46.133.140 -> MyMachine FTP R port=3285 257 "/" is current d
>>MyMachine-> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine-> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=3285
>>207.46.133.140 -> MyMachine FTP R port=3285
>>
>>External Interface
>>207.46.133.140 -> MyMachine FTP R port=33664 215 Windows2000\r\n
>>MyMachine -> 207.46.133.140 FTP C port=33664 PWD\r\n
>>207.46.133.140 -> MyMachine FTP R port=33664 257 "/" is current d
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>207.46.133.140 -> MyMachine FTP R port=33664 227 Entering Passive <=====
>>MyMachine -> 207.46.133.140 FTP C port=33664
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=33664 PASV\r\n
>>MyMachine -> 207.46.133.140 FTP C port=34224
>>207.46.133.140 -> MyMachine FTP R port=34224
>>
>>At the external interface we can see the PASV response at the 5th line,
>>but there is no response at the internal interface, so it tries again
>>and again and disconnects. Why? Why does RedHat work and MS does not?
>>
>>Any other tips?
>>
>>Thanks
>>
>>Joaquim Gomide
>>
>>Joaquim,
>>
>>I think I have a tip for you.
>>
>>After v4.0 SP3 or 4 (I don't remember, maybe someone in the list can
>>remember) CP stopped its support for some FTP servers that use
>>non-default high ports. It caused some discomfort in some cases I've
>>worked on, but I'm not sure if this is your problem.
>>
>>Check your PASV option from the GUI, just to be sure.
>>
>>Best wishes,
>>
>>Aylton
>>
>>
>>-----Original Message-----
>>From: Joaquim Eudes Mendes Gomide <[EMAIL PROTECTED]>
>>To: fw-list <[EMAIL PROTECTED]>
>>Date: Tuesday, June 27, 2000 10:08
>>Subject: Re: [FW1] FTP can't connect to certain servers.
>>
>>
>>>
>>>Hi Aylton,
>>>It's fw-1 V4.0 Build 4156 on Solaris (Sparc). It's stopped after
>>>upgrading from 3.0b.
>>>
>>>Joaquim Gomide
>>>
>>>
>>>Hm.. What's your platform, version and patch level?
>>>
>>>I think I may have a tip.
>>>
>>>It never worked or it stopped working after a given event (Ex: patch,
>>>upgrade, change)?
>>>
>>>best wishes
>>>
>>>Aylton
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
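
The two-interface comparison described in the quoted thread (PASV seen on both sides, the 227 reply seen only on the external side), as an added example that is not part of the original messages. The function names, result strings and sample traces are assumptions made for illustration; the traces are constructed with documentation addresses and only follow the layout of the snoop excerpts above.

```python
import re

# One snoop summary line in the shape quoted in the thread:
#   SRC -> DST FTP C|R port=N <payload>
LINE = re.compile(r"^(\S+?)\s*->\s*(\S+)\s+FTP\s+([CR])\s+port=(\d+)\s*(.*)$")

def pasv_stats(trace):
    """Return (PASV commands, 227 replies) seen in one interface's trace."""
    commands = replies = 0
    for raw in trace.splitlines():
        m = LINE.match(raw.lstrip("> \t"))  # tolerate mail quote markers
        if not m:
            continue
        kind, payload = m.group(3), m.group(5)
        if kind == "C" and payload.upper().startswith("PASV"):
            commands += 1
        elif kind == "R" and payload.startswith("227"):
            replies += 1
    return commands, replies

def locate_loss(internal, external):
    """Say where the 227 reply to PASV disappears, if it does."""
    in_cmd, in_rep = pasv_stats(internal)
    ex_cmd, ex_rep = pasv_stats(external)
    if in_cmd == 0:
        return "no PASV seen"
    if in_rep:
        return "ok"                           # client got its 227
    if ex_rep:
        return "227 lost between interfaces"  # seen outside, never inside
    if ex_cmd == 0:
        return "PASV never forwarded"
    return "no 227 from server"

# Constructed traces, not captured data.
GOOD_IN = """\
MyMachine -> 192.0.2.10 FTP C port=31745 PASV\\r\\n
192.0.2.10 -> MyMachine FTP R port=31745 227 Entering Passive
"""
GOOD_EX = GOOD_IN.replace("31745", "1271")    # port differs on the outside
BAD_IN = "MyMachine -> 192.0.2.20 FTP C port=3285 PASV\\r\\n\n" * 3
BAD_EX = """\
MyMachine -> 192.0.2.20 FTP C port=33664 PASV\\r\\n
192.0.2.20 -> MyMachine FTP R port=33664 227 Entering Passive
MyMachine -> 192.0.2.20 FTP C port=33664 PASV\\r\\n
"""

if __name__ == "__main__":
    print(locate_loss(GOOD_IN, GOOD_EX), "/", locate_loss(BAD_IN, BAD_EX))
```

Feed it the internal and external captures of the same session; a "227 lost between interfaces" result points at the device between the two capture points rather than at the FTP server.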