This one might seem a bit odd. I have two firewalls; unfortunately, one of them is still running 3.8 and will be upgraded in the next week or two. Until then, I have a problem. I upgraded the second last night and immediately had problems with FTP. They are set up as such:

inside network ---> fw1 -- dmz network --> fw2 ---> internet

fw1 is 4.0
fw2 is 3.8

Here is what is weird. I have their respective ftp-proxy running on each. Prior to the upgrade of fw1 to 4.0, I could ftp from the inside network to the DMZ and out to the internet. Since last night, I cannot. Here is what I can do:

1) ftp from inside to dmz
2) ftp from dmz to internet

However, the 4.0 ftp-proxy and the 3.8 ftp-proxy don't seem to like working with each other. When I attempt to ftp from the inside network all the way out to the internet, I can get connected, but if I attempt to do a transfer I receive a 'connection refused'. Here is the output of 'ftp':

$ ftp openbsd.mirrors.pair.com
Connected to openbsd.mirrors.pair.com.
220 openbsd.mirrors.pair.com NcFTPd Server (licensed copy) ready.
Name (openbsd.mirrors.pair.com:rcorder): ftp
331 Guest login ok, send your complete e-mail address as password.
Password:
[snip out ASCII art]
230 Logged in anonymously.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> ls
500 EPSV command not understood
227 Entering Passive Mode (216,92,2,143,206,192)
200 PORT command successful.
550 Cannot connect to xxx.xxx.xxx.xxx:54585 - Connection refused.
ftp>bye
$

Now, here is the kicker... neither firewall is blocking ANYTHING... not a thing shows up via tcpdump on pflog0. From the looks of the output from the 550 message from the FTP server, my old 3.8 acts like it isn't proxying properly the FTP traffic coming from the 4.0 firewall. As of last night, it was, but not since the move of 4.0.

Is there something different about the way that the 4.0 ftp-proxy translates that would make the 3.8 ftp-proxy not act the same?

TIA,
ryanc

--
Ryan Corder <[EMAIL PROTECTED]>
Systems Engineer, NovaSys Health LLC.
501-219-4444 ext. 646