Greg,

Are the sequence numbers lining up OK? What's
the data of the Push/Ack and Ack that follows?

Are you using SYN-Defender? If so, test without.
Have you tried disabling the passive mode? It
appears to work in reverse of what the option
says. Are you using the 'fw sam' feature?

The 172.17.x.x is you sanitizing your post? (You
mentioned no NAT in the original post.)

You haven't mentioned whether you have SP1 and hot fix(es).
If you're straight v4.1, maybe apply
them and test again. Test disabling passive
first. This would be a quick test and very little
interruption - I don't think this is the problem,
but it can't hurt to test.

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> Tucker, Greg <[EMAIL PROTECTED]> 7/14/00 1:30:07 PM >>>
>I haven't been able to get back to this until now.
>
>Here's what an iptrace run at the firewall shows (the I or E at the
>beginning is the firewall interface, I = Internal & E = External):
> 
>I 172.17.1.201 --- Syn ------> 207.25.253.26
>E 172.17.1.201 --- Syn ------> 207.25.253.26
>E 172.17.1.201 <-- Syn/Ack --- 207.25.253.26
>I 172.17.1.201 <-- Syn/Ack --- 207.25.253.26
>I 172.17.1.201 --- Ack ------> 207.25.253.26
>E 172.17.1.201 --- Ack ------> 207.25.253.26
>E 172.17.1.201 <-- Push/Ack -- 207.25.253.26
>I 172.17.1.201 <-- Push/Ack -- 207.25.253.26
>E 172.17.1.201 <-- Ack ------- 207.25.253.26 
>E 172.17.1.201 --- RST ------> 207.25.253.26 <---- Must have been issued by
>the firewall
>I 172.17.1.201 --- Ack ------> 207.25.253.26 
>E 172.17.1.201 --- Ack ------> 207.25.253.26
>E 172.17.1.201 <-- RST ------- 207.25.253.26
>I 172.17.1.201 <-- RST ------- 207.25.253.26
>
>The log shows the same as before, accept.
>It looks like the firewall is sending the reset, since it did not originate
>from my machine.
>Why would it do that?
>
>Here's the URL I was going to
>ftp://ftp.software.ibm.com/software/cics/pdf/dfha800.pdf 
>
>-----Original Message-----
>From: [EMAIL PROTECTED] 
>[mailto:[EMAIL PROTECTED]]On Behalf Of
>Robert MacDonald
>Sent: Monday, June 05, 2000 12:52 PM
>To: [EMAIL PROTECTED]; Tucker, Greg
>Cc: [EMAIL PROTECTED] 
>Subject: RE: [FW1] FTP gets Network Error: Connection reset by peer
>
>Greg,
>
>Wow, Enteract has two customers. You and Lance ;-) For the
>longest time, I thought Lance was Enteract.
>
>Sorry...
>
>You need to sniff the connection between you and the fw and
>between the fw and IBM. What do you see?
>
>In both, you should see the three-way handshake (this is why fw-1
>has a log entry). Then you should see another packet with the
>'Connected to service.boulder.ibm.com. 220-yada, yada yada'.
>You will see ACK packets in between. Then you see???
>
>Have you applied SP1 and patch to SP1 for your system? btw,
>what is your setup?
>
>Robert
>
>- -
>Robert P. MacDonald, Network Engineer
>e-Business Infrastructure
>G o r d o n   F o o d    S e r v i c e
>Voice: +1.616.261.7987 email: [EMAIL PROTECTED] 
>
>>>> Tucker, Greg <[EMAIL PROTECTED]> 6/5/00 10:19:19 AM >>>
>>
>>Passive is already enabled.
>>
>>-----Original Message-----
>>From: Amit Saha [mailto:[EMAIL PROTECTED]] 
>>Sent: Saturday, June 03, 2000 10:30 AM
>>To: Tim O'Connor; Tucker, Greg
>>Cc: [EMAIL PROTECTED] 
>>Subject: RE: [FW1] FTP gets Network Error: Connection reset by peer
>>
>>I think u can check if u have disabled the Passive FTP service in the fw's
>>properties tab. enable it and give it a try.
>>
>>Warm Regards,
>>
>>Amit Saha
>>Specialist - Network Security
>>HCL Comnet Systems & Services Ltd.
>>Mumbai, India.
>>
>>Tel. : 91-22-654 1986
>>Fax : 91-22-654 1475
>>Mobile : 98200 50005
>>Mail id : [EMAIL PROTECTED] 
>>Web address : www.hclcomnet.com 
>>
>>
>>-----Original Message-----
>>From: Tim O'Connor [mailto:[EMAIL PROTECTED]] 
>>Sent: Saturday, June 03, 2000 4:14 AM
>>To: [EMAIL PROTECTED] 
>>Cc: [EMAIL PROTECTED] 
>>Subject: Re: [FW1] FTP gets Network Error: Connection reset by peer
>>
>>Looks like the server is cutting you off.
>>Looks like they might be checking DNS when connecting.
>>
>>Check your DNS
>>
>>Make sure that forward matches reverse.
>>
>>At 05:25 PM 6/2/00, Tucker, Greg wrote:
>>>When I click on a link to a specific IBM FTP site (and one other site
>>>that I know of), I immediately get:
>>>
>>>A network error occurred while Netscape was receiving data.
>>>(Network Error: Connection reset by peer)
>>>Try Connecting again.
>>>
>>>The log shows only the outgoing request from my machine with no other
>>entry.
>>>
>>>When I try to go to the same site using FTP from an MSDOS window, I get:
>>>
>>>C:\>ftp ftp.software.ibm.com
>>>Connected to service.boulder.ibm.com.
>>>220-***************************************
>>>Connection closed by remote host.
>>>
>>>Again, in the log I only see my outgoing request and no other log entries
>>>that refer to my address or the destination (either as a source or a
>>>destination).
>>>
>>>I currently am logging everything.
>>>I have Log Implied Rules checked.
>>>No Nat being done at the firewall.
>>>
>>>It appears, since there are no other log entries, that the reset must be
>>>coming from the firewall itself.
>>>If I put a machine on the Internet interface, the FTP works fine.
>>>
>>>Any ideas?
>>>
>>>I've checked through the archives and found what looked like the same
>>>problem but a solution was never suggested.
>>
>>Tim O'Connor
>>[EMAIL PROTECTED] 
>>[EMAIL PROTECTED] 
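
An added example, not part of the original thread: a short Python check that pairs each packet in a two-interface trace like the one quoted above with its copy on the other firewall interface and reports packets seen on one side only. The sample trace is re-typed from the quoted message; matching on TCP flags alone (rather than sequence numbers) is a simplifying assumption, and the function and verdict names are hypothetical.

```python
import re

# Sample input: the trace lines from the quoted message ('>' prefixes and the
# inline annotation removed). I = internal interface, E = external interface.
TRACE = """\
I 172.17.1.201 --- Syn ------> 207.25.253.26
E 172.17.1.201 --- Syn ------> 207.25.253.26
E 172.17.1.201 <-- Syn/Ack --- 207.25.253.26
I 172.17.1.201 <-- Syn/Ack --- 207.25.253.26
I 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 <-- Push/Ack -- 207.25.253.26
I 172.17.1.201 <-- Push/Ack -- 207.25.253.26
E 172.17.1.201 <-- Ack ------- 207.25.253.26
E 172.17.1.201 --- RST ------> 207.25.253.26
I 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 --- Ack ------> 207.25.253.26
E 172.17.1.201 <-- RST ------- 207.25.253.26
I 172.17.1.201 <-- RST ------- 207.25.253.26
"""

LINE = re.compile(r"^([IE])\s+(\S+)\s+(<--|---)\s+(\S+)\s+-+>?\s+(\S+)")

def one_sided_packets(trace):
    """Return (interface, direction, flags, verdict) for unpaired packets."""
    # A forwarded packet is seen first on its ingress interface
    # (I for client->server, E for server->client), then on the other one.
    pending = {"out": [], "in": []}
    findings = []
    for raw in trace.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        iface, arrow, flags = m.group(1, 3, 4)
        direction = "in" if arrow == "<--" else "out"
        ingress = "I" if direction == "out" else "E"
        if iface == ingress:
            pending[direction].append(flags)      # wait for the forwarded copy
        elif flags in pending[direction]:
            pending[direction].remove(flags)      # forwarded normally
        else:
            # On the egress side with no ingress copy: the firewall sent it.
            findings.append((iface, direction, flags, "generated_on_firewall"))
    for direction, left in pending.items():
        ingress = "I" if direction == "out" else "E"
        for flags in left:
            # Arrived at the firewall but never appeared on the other side.
            findings.append((ingress, direction, flags, "not_forwarded"))
    return findings

if __name__ == "__main__":
    for finding in one_sided_packets(TRACE):
        print(finding)
```

On this trace the check flags the outbound RST on the external interface as having no internal copy, and the inbound Ack just before it as never reaching the internal interface.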


