I haven't been able to get back to this until now.
Here's what an iptrace run at the firewall shows (the I or E at the
beginning is the firewall interface, I = Internal & E = External):
I 172.17.1.201 --- Syn ------> 207.25.253.26
E 172.17.1.201 --- Syn ------> 207.25.253.26
E 172.17.1.201 <-- Syn/Ack --- 207.25.253.26
I 172.17.1.201 <-- Syn/Ack --- 207.25.253.26
I 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 <-- Push/Ack -- 207.25.253.26
I 172.17.1.201 <-- Push/Ack -- 207.25.253.26
E 172.17.1.201 <-- Ack ------- 207.25.253.26
E 172.17.1.201 --- RST ------> 207.25.253.26 <---- Must have been issued by the firewall
I 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 <-- RST ------- 207.25.253.26
I 172.17.1.201 <-- RST ------- 207.25.253.26
The log shows the same as before, accept.
It looks like the firewall is sending the reset, since it did not originate
from my machine.
Why would it do that?
Here's the URL I was going to
ftp://ftp.software.ibm.com/software/cics/pdf/dfha800.pdf
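
The interface correlation done by eye in the trace above, as an added example that is not part of the original message: every packet the firewall forwards should appear once on its ingress interface and then once on its egress interface, so an egress-side packet with no ingress-side twin was generated by the firewall, and an ingress-side packet with no egress-side twin was never forwarded. The function name `correlate` is hypothetical, and matching on direction and TCP flags alone is an assumption forced by the summary having no sequence numbers.

```python
import re
from collections import defaultdict

# Trace summary copied from the message above (the annotation on the RST line is dropped).
TRACE = """\
I 172.17.1.201 --- Syn ------> 207.25.253.26
E 172.17.1.201 --- Syn ------> 207.25.253.26
E 172.17.1.201 <-- Syn/Ack --- 207.25.253.26
I 172.17.1.201 <-- Syn/Ack --- 207.25.253.26
I 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 <-- Push/Ack -- 207.25.253.26
I 172.17.1.201 <-- Push/Ack -- 207.25.253.26
E 172.17.1.201 <-- Ack ------- 207.25.253.26
E 172.17.1.201 --- RST ------> 207.25.253.26
I 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 <-- RST ------- 207.25.253.26
I 172.17.1.201 <-- RST ------- 207.25.253.26
"""

# interface, client address, arrow head, flags, arrow tail, server address
LINE = re.compile(r"^([IE]) (\S+) (<--|---) (\S+) (-+>?) (\S+)$")

def correlate(trace):
    """Return (originated, unforwarded) as lists of (line_no, direction, flags)."""
    pending = defaultdict(list)  # (direction, flags) -> ingress-side line numbers
    originated = []
    for n, line in enumerate(trace.splitlines(), 1):
        m = LINE.match(line.strip())
        if not m:
            continue
        iface, _, arrow, flags, _, _ = m.groups()
        direction = "in" if arrow == "<--" else "out"
        ingress = "E" if direction == "in" else "I"  # side the packet arrives on
        key = (direction, flags)
        if iface == ingress:
            pending[key].append(n)             # waiting to be seen on the far side
        elif pending[key]:
            pending[key].pop(0)                # normal forwarded packet
        else:
            originated.append((n, direction, flags))  # no ingress twin
    unforwarded = sorted((n, d, f) for (d, f), ns in pending.items() for n in ns)
    return originated, unforwarded

if __name__ == "__main__":
    made, kept = correlate(TRACE)
    print("generated at the firewall:", made)
    print("arrived but never forwarded:", kept)
```

Besides the outbound RST on the external interface, this also flags the server's Ack on the line just before it, which reaches the external interface and never shows up on the internal one.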
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Robert MacDonald
Sent: Monday, June 05, 2000 12:52 PM
To: [EMAIL PROTECTED]; Tucker, Greg
Cc: [EMAIL PROTECTED]
Subject: RE: [FW1] FTP gets Network Error: Connection reset by peer
Greg,
Wow, Enteract has two customers. You and Lance ;-) For the
longest time, I thought Lance was Enteract.
Sorry...
You need to sniff the connection between you and the fw and
between the fw and IBM. What do you see?
In both, you should see the three-way handshake (this is why fw-1
has a log entry). Then you should see another packet with the
'Connected to service.boulder.ibm.com. 220-yada, yada yada'.
You will see ACK packets in between. Then you see???
Have you applied SP1 and patch to SP1 for your system? btw,
what is your setup?
Robert
--
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> Tucker, Greg <[EMAIL PROTECTED]> 6/5/00 10:19:19 AM >>>
>
>Passive is already enabled.
>
>-----Original Message-----
>From: Amit Saha [mailto:[EMAIL PROTECTED]]
>Sent: Saturday, June 03, 2000 10:30 AM
>To: Tim O'Connor; Tucker, Greg
>Cc: [EMAIL PROTECTED]
>Subject: RE: [FW1] FTP gets Network Error: Connection reset by peer
>
>I think u can check if u have disabled the Passive FTP service in the fw's
>properties tab. enable it and give it a try.
>
>Warm Regards,
>
>Amit Saha
>Specialist - Network Security
>HCL Comnet Systems & Services Ltd.
>Mumbai, India.
>
>Tel. : 91-22-654 1986
>Fax : 91-22-654 1475
>Mobile : 98200 50005
>Mail id : [EMAIL PROTECTED]
>Web address : www.hclcomnet.com
>
>"This correspondence is for the named person's use only. It may contain
>confidential or legally privileged information or both. No
>confidentiality or privilege is waived or lost by any mistransmission.
>If you receive this correspondence in error, please immediately delete
>it from your system and notify the sender. You must not disclose, copy
>or rely on any part of this correspondence if you are not the intended
>recipient."
>
>
>-----Original Message-----
>From: Tim O'Connor [mailto:[EMAIL PROTECTED]]
>Sent: Saturday, June 03, 2000 4:14 AM
>To: [EMAIL PROTECTED]
>Cc: [EMAIL PROTECTED]
>Subject: Re: [FW1] FTP gets Network Error: Connection reset by peer
>
>Looks like the server is cutting you off.
>Looks like they might be checking DNS when connecting.
>
>Check your DNS
>
>Make sure that forward matches reverse.
>
>At 05:25 PM 6/2/00, Tucker, Greg wrote:
>>When I click on a link to a specific IBM FTP site (and one other site
>>that I know of), I immediately get:
>>
>>A network error occurred while Netscape was receiving data.
>>(Network Error: Connection reset by peer)
>>Try Connecting again.
>>
>>The log shows only the outgoing request from my machine with no other entry.
>>
>>When I try to go to the same site using FTP from an MSDOS window, I get:
>>
>>C:\>ftp ftp.software.ibm.com
>>Connected to service.boulder.ibm.com.
>>220-***************************************
>>Connection closed by remote host.
>>
>>Again, in the log I only see my outgoing request and no other log entries
>>that refer to my address or the destination (either as a source or a
>>destination).
>>
>>I currently am logging everything.
>>I have Log Implied Rules checked.
>>No Nat being done at the firewall.
>>
>>It appears, since there are no other log entries, that the reset must be
>>coming from the firewall itself.
>>If I put a machine on the Internet interface, the FTP works fine.
>>
>>Any ideas?
>>
>>I've checked through the archives and found what looked like the same
>>problem but a solution was never suggested.
>
>Tim O'Connor
>[EMAIL PROTECTED]
>[EMAIL PROTECTED]
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====