Hi,
FW-1 v4.1 with latest hotfixes (until June 1st)
PC1 is a PPP Dial In user (MTU=576) using MS-Windows
SRV is a FTP Server (Netscape on Solaris) on a 100 Mbps LAN
In between PC1 and SRV there is a FW-1. Strange FTP behaviour started
after upgrading from 4.0. Look at the following snoop (on SRV):
1. 16:33:24.69 PC1.1235 --> SRV.21 SYN
2. 16:33:24.69 SRV.21 --> PC1.1235 SYN/ACK
3. 16:33:24.84 PC1.1235 --> SRV.21 ACK
4. 16:33:24.91 SRV.21 --> PC1.1235 Welcome Text (first part)
   Length=576, DF flag = 1
5. 16:33:24.91 PC1.1235 --> SRV.21 RST
6. 16:34:25.66 SRV.21 --> PC1.1235 RST
Note:
- Packets snooped on SRV
- Packet 5 arrives very quickly after packet 4 and seems to have
originated on the firewall. (<10 ms response cannot come from PC1)
- FTP Welcome message is around 800 bytes, and because of PPP MTU 576
needs to be sent in multiple IP packets. Don't Fragment bit is on
and first FTP packet is sent at maximum path MTU.
- Workaround: The welcome message is shortened, so it can be sent in
the first FTP packet. Now all seems to be working nicely.
Does anyone have a hint how to solve this?
Regards,
Marcel
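
The timing argument in the notes above, as an added example that is not part of the original post: it takes the round-trip time from the handshake (packets 2 and 3) and flags inbound packets that arrive sooner after the server's last send than the far end could answer. The trace is constructed from the six packets listed in the post (packet 4's description is replaced by the placeholder DATA); the function names and the 0.5 x RTT threshold are assumptions.

```python
import re
from datetime import datetime

# Constructed input: the six packets from the post, in its own notation.
TRACE = """\
1. 16:33:24.69 PC1.1235 --> SRV.21 SYN
2. 16:33:24.69 SRV.21 --> PC1.1235 SYN/ACK
3. 16:33:24.84 PC1.1235 --> SRV.21 ACK
4. 16:33:24.91 SRV.21 --> PC1.1235 DATA
5. 16:33:24.91 PC1.1235 --> SRV.21 RST
6. 16:34:25.66 SRV.21 --> PC1.1235 RST
"""
LINE = re.compile(r"(\d+)\.\s+(\S+)\s+(\S+)\.\d+\s+-->\s+(\S+)\.\d+\s+(\S+)")

def parse(trace):
    """Return a list of (number, time, source host, flags) tuples."""
    packets = []
    for m in LINE.finditer(trace):
        when = datetime.strptime(m.group(2), "%H:%M:%S.%f")
        packets.append((int(m.group(1)), when, m.group(3), m.group(5)))
    return packets

def handshake_rtt(packets, local):
    """Seconds between the local SYN/ACK and the client's ACK that answers it."""
    synack = next(p for p in packets if p[2] == local and p[3] == "SYN/ACK")
    ack = next(p for p in packets
               if p[2] != local and p[3] == "ACK" and p[1] >= synack[1])
    return (ack[1] - synack[1]).total_seconds()

def too_fast_replies(packets, local="SRV", fraction=0.5):
    """Numbers of inbound packets seen sooner after our last send than
    fraction * RTT: the far end cannot have produced them."""
    rtt, last_sent, suspects = handshake_rtt(packets, local), None, []
    for num, when, src, _flags in packets:
        if src == local:
            last_sent = when
        elif last_sent and (when - last_sent).total_seconds() < fraction * rtt:
            suspects.append(num)
    return suspects

if __name__ == "__main__":
    pkts = parse(TRACE)
    print("handshake RTT:", handshake_rtt(pkts, "SRV"), "s")
    print("inbound packets too fast for the far end:", too_fast_replies(pkts))
```

The check treats every inbound packet as a reaction to the server's most recent send, so on a busy connection it is only a hint that a middlebox answered on the client's behalf.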