Pere,
I believe i was having the same issue after SP2 upgrade. If I am correct
it's due to the fact that not all ftp's end their FTP headers with \r\n. If
FW-1 doesn't see it, it'll drop the connection. I was getting past the
login, but right after I typed the password and hit return I was getting
"Connection closed by remote host" I edited $FWDIR/lib/base.def and
commented out #define FTP_ENFORCE_NL
That fixed it for me...
Later
Gary Portnoy
Network Administrator
[EMAIL PROTECTED]
>Date: Thu, 17 Aug 2000 21:49:27 +0100 (BST)
>From: Pere Camps <[EMAIL PROTECTED]>
>Subject: [FW1] ftp connection reset
>
>Hello!
>
> I'm getting a weird problem whilst trying to connect from an
>internal nated machine to an external ftp server. FYI, I'm using 4.1 SP2
>on Nokia IP440 and the usual stuff is checked (allowing the connection,
>allowing passive/active connections, etc...)
>
> Ftping works with some servers and don't with others. For example,
>this a tcpdump of the one which works (it stops at the login prompt):
>
>20:34:35.443218 a.b.c.d.10130 > 147.83.2.29.21: S 157350:157350(0) win
>8192 <mss 1460> (DF)
>20:34:35.503627 147.83.2.29.21 > a.b.c.d.10130: S 2774149207:2774149207(0)
>ack 157351 win 8760 <mss 1460> (DF)
>20:34:35.503880 a.b.c.d.10130 > 147.83.2.29.21: . ack 1 win 0
>20:34:35.504961 a.b.c.d.10130 > 147.83.2.29.21: . ack 1 win 8760 (DF)
>20:34:35.578264 147.83.2.29.21 > a.b.c.d.10130: P 1:13(12) ack 1 win 8760
>(DF) [tos 0x10]
>20:34:35.766971 a.b.c.d.10130 > 147.83.2.29.21: . ack 13 win 8748 (DF)
>20:34:35.824443 147.83.2.29.21 > a.b.c.d.10130: P 13:164(151) ack 1 win
>8760 (DF) [tos 0x10]
>20:34:35.985845 a.b.c.d.10130 > 147.83.2.29.21: . ack 164 win 8597 (DF)
>
> a.b.c.d is my machine.
>
> As you can see everything here is fine. However, when I try to ftp
>to ftp.compaq.com I get:
>
>19:42:45.512310 a.b.c.d.21160 > 161.114.19.247.21: S 27722:27722(0) win
>8192 <mss 1460> (DF)
>19:42:45.695944 161.114.19.247.21 > a.b.c.d.21160: S
>1352086744:1352086744(0) ack 27723 win 8280 <mss 1380> (DF)
>19:42:45.696144 a.b.c.d.21160 > 161.114.19.247.21: . ack 1 win 0
>19:42:45.697217 a.b.c.d.21160 > 161.114.19.247.21: . ack 1 win 8280 (DF)
>19:42:45.884541 161.114.19.247.21 > a.b.c.d.21160: P 1:5(4) ack 1 win 8280
>(DF)
>19:42:45.884713 a.b.c.d.21160 > 161.114.19.247.21: R 27723:27723(0) win 0
>(DF)
>
> As you see, everything's the same until the last step when the
>FW-1 sends a TCP reset to ftp.compaq.com!
>
> I've checked that I'm not using the latest ftp enhancements (the
>SP2 specficic ones and they're not enabled), all the ftp bugfixes in the
>Nokia knowledge base that I can find and nothing's helped me.
>
> Any kind of ideas on what's going on and how to solve it would be
>greatly appreciated.
>
> Thanks!
>
>- -- p.
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
