Peter,
Which part do you agree with? Do you have to have
the PASV checked or unchecked?
I responded to the post (below yours) with the following.
- - -
I'm not offended. But CP seemed to have changed
the behavior of the PASV checkbox in policy
properties between SP's/versions. I'm not sure where
it happened, but if you look through the archives, you'll
find that some have it one way (on w/older ver/SP's) and
others are required to uncheck (newer ver/SP's).
For me, I have to have it off, or PASV doesn't work.
- - -
Thanks,
Robert
- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n F o o d S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>> "Dickson, Peter " <[EMAIL PROTECTED]> 8/21/00 12:10:55 PM >>>
>
>I have used the advice given below regarding the unchecking of the PASV
>settings and on version 4.0 sp7 this is most definitely true.
>
> Regards
> Peter Dickson
>
>> -----Original Message-----
>> From: [EMAIL PROTECTED] [SMTP:[EMAIL PROTECTED]]
>> Sent: Thursday, August 17, 2000 10:51 PM
>> To: 'Robert MacDonald'; '[EMAIL PROTECTED]';
>> '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]';
>> '[EMAIL PROTECTED]'
>> Subject: RE: [FW1] ftp connection reset
>>
>>
>> Please don't be offended by this.
>>
>> You might want to research this further.
>> I've found that checking the PASV box is required to allow passive ftp.
>>
>> I have run traces that indicate that unchecking the box disallows PASV.
>>
>> I resolved the reset problem with compaq by applying the change found at
>> http://www.checkpoint.com/techsupport/alerts/pasvftp.html
>>
>> -----Original Message-----
>> From: [EMAIL PROTECTED]
>> [mailto:[EMAIL PROTECTED]]On Behalf Of
>> Robert MacDonald
>> Sent: Thursday, August 17, 2000 4:00 PM
>> To: [EMAIL PROTECTED];
>> [EMAIL PROTECTED]; [EMAIL PROTECTED];
>> [EMAIL PROTECTED]
>> Subject: Re: [FW1] ftp connection reset
>>
>> If PASV is on in policy properties, turn it off.
>> This works the opposite of what it reads.
>>
>> If I'm not mistaken, Compaq is PASV only.
>>
>> Robert
>> - -
>> Robert P. MacDonald, Network Engineer
>> e-Business Infrastructure
>> G o r d o n F o o d S e r v i c e
>> Voice: +1.616.261.7987 email: [EMAIL PROTECTED]
>>
>> >>> [EMAIL PROTECTED] 8/17/00 4:49:27 PM >>>
>> >
>> >Hello!
>> >
>> > I'm getting a weird problem whilst trying to connect from an
>> >internal NATed machine to an external ftp server. FYI, I'm using 4.1 SP2
>> >on Nokia IP440 and the usual stuff is checked (allowing the connection,
>> >allowing passive/active connections, etc...)
>> >
>> > Ftping works with some servers and doesn't with others. For example,
>> >this is a tcpdump of the one which works (it stops at the login prompt):
>> >
>> >20:34:35.443218 a.b.c.d.10130 > 147.83.2.29.21: S 157350:157350(0) win 8192 <mss 1460> (DF)
>> >20:34:35.503627 147.83.2.29.21 > a.b.c.d.10130: S 2774149207:2774149207(0) ack 157351 win 8760 <mss 1460> (DF)
>> >20:34:35.503880 a.b.c.d.10130 > 147.83.2.29.21: . ack 1 win 0
>> >20:34:35.504961 a.b.c.d.10130 > 147.83.2.29.21: . ack 1 win 8760 (DF)
>> >20:34:35.578264 147.83.2.29.21 > a.b.c.d.10130: P 1:13(12) ack 1 win 8760 (DF) [tos 0x10]
>> >20:34:35.766971 a.b.c.d.10130 > 147.83.2.29.21: . ack 13 win 8748 (DF)
>> >20:34:35.824443 147.83.2.29.21 > a.b.c.d.10130: P 13:164(151) ack 1 win 8760 (DF) [tos 0x10]
>> >20:34:35.985845 a.b.c.d.10130 > 147.83.2.29.21: . ack 164 win 8597 (DF)
>> >
>> > a.b.c.d is my machine.
>> >
>> > As you can see everything here is fine. However, when I try to ftp
>> >to ftp.compaq.com I get:
>> >
>> >19:42:45.512310 a.b.c.d.21160 > 161.114.19.247.21: S 27722:27722(0) win 8192 <mss 1460> (DF)
>> >19:42:45.695944 161.114.19.247.21 > a.b.c.d.21160: S 1352086744:1352086744(0) ack 27723 win 8280 <mss 1380> (DF)
>> >19:42:45.696144 a.b.c.d.21160 > 161.114.19.247.21: . ack 1 win 0
>> >19:42:45.697217 a.b.c.d.21160 > 161.114.19.247.21: . ack 1 win 8280 (DF)
>> >19:42:45.884541 161.114.19.247.21 > a.b.c.d.21160: P 1:5(4) ack 1 win 8280 (DF)
>> >19:42:45.884713 a.b.c.d.21160 > 161.114.19.247.21: R 27723:27723(0) win 0 (DF)
>> >
>> > As you see, everything's the same until the last step when the
>> >FW-1 sends a TCP reset to ftp.compaq.com!
>> >
>> > I've checked that I'm not using the latest ftp enhancements (the
>> >SP2 specific ones and they're not enabled), all the ftp bugfixes in the
>> >Nokia knowledge base that I can find and nothing's helped me.
>> >
>> > Any kind of ideas on what's going on and how to solve it would be
>> >greatly appreciated.
>> >
>> > Thanks!
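As an added example (not part of the original thread), here is a small Python parser for the old-style tcpdump lines quoted in the message above. It flags a reset that directly answers a data segment from port 21 and reports how many bytes that segment carried; the function names are assumptions made for this example.

```python
import re

# Old-style tcpdump line: "time src.port > dst.port: FLAGS [seq:end(len)] ..."
LINE = re.compile(r"^(?P<ts>[\d:.]+) (?P<src>\S+) > (?P<dst>\S+): "
                  r"(?P<flags>[SFPR.]+)(?: \d+:\d+\((?P<len>\d+)\))?")

def parse(trace):
    """Yield one dict per recognised packet line; payload length defaults to 0."""
    for raw in trace.strip().splitlines():
        m = LINE.match(raw.strip())
        if m:
            pkt = m.groupdict()
            pkt["len"] = int(pkt["len"] or 0)
            yield pkt

def port(endpoint):
    """Port is the last dot-separated field of tcpdump's addr.port notation."""
    return endpoint.rsplit(".", 1)[1]

def first_server_payload(trace, server_port="21"):
    """Size of the first data-bearing segment sent from the server port."""
    for pkt in parse(trace):
        if port(pkt["src"]) == server_port and pkt["len"] > 0:
            return pkt["len"]
    return None

def resets_after_server_data(trace, server_port="21"):
    """(time, resetting endpoint, bytes in the server segment just before it)
    for each RST that is the direct answer to a server data segment."""
    hits, prev = [], None
    for pkt in parse(trace):
        if ("R" in pkt["flags"] and prev and prev["len"] > 0
                and port(prev["src"]) == server_port and prev["dst"] == pkt["src"]):
            hits.append((pkt["ts"], pkt["src"], prev["len"]))
        prev = pkt
    return hits

# Lines copied from the two traces in the post, with mail line-wrapping undone.
WORKING = """
20:34:35.504961 a.b.c.d.10130 > 147.83.2.29.21: . ack 1 win 8760 (DF)
20:34:35.578264 147.83.2.29.21 > a.b.c.d.10130: P 1:13(12) ack 1 win 8760 (DF) [tos 0x10]
20:34:35.766971 a.b.c.d.10130 > 147.83.2.29.21: . ack 13 win 8748 (DF)
"""
FAILING = """
19:42:45.697217 a.b.c.d.21160 > 161.114.19.247.21: . ack 1 win 8280 (DF)
19:42:45.884541 161.114.19.247.21 > a.b.c.d.21160: P 1:5(4) ack 1 win 8280 (DF)
19:42:45.884713 a.b.c.d.21160 > 161.114.19.247.21: R 27723:27723(0) win 0 (DF)
"""

if __name__ == "__main__":
    for name, t in (("working", WORKING), ("failing", FAILING)):
        print(name, first_server_payload(t), resets_after_server_data(t))
```

The reported endpoint is the source address as it appears in the capture; the trace alone does not show which device generated the reset.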