I would suggest that the FW-1 is dropping the return FTP high port
connection.
Try "passive" FTP from site B and see if that works. If so, make sure that
the FW-1 is configured to use non-PASV FTP. Or, better still, deal with only
being able to use PASV from site B.
When Mike's little FTP bug came out, the initial recommendation was to
disable active FTP - they may have done that and not remembered.
Cheers,
--
Ben Nagy
Marconi Services
Network Integration Specialist
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304
> -----Original Message-----
> From: Shane Miller [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 28 November 2000 7:17
> To: [EMAIL PROTECTED]
> Subject: FTP'ing through 2 firewalls
>
>
> I have a problem I hope some people on this list could shed
> some light on.
>
> Site A has the following:
> Packet filtering firewall with stateful inspection forwarding
> port 21 to a
> MS FTP server.
>
> Site B has the following:
> Checkpoint FW-1 forwarding 21 to MS FTP server.
>
> Site A can connect to Site B via DOS FTP with fully
> functional data and
> control sessions.
> Site B can connect to Site A via DOS FTP and not achieve a
> data connection.
> Only log in.
>
> Does this have anything to do with an Application proxy, if
> that is what
> FW-1 uses.
> Hopefully this info isn't too sketchy. I can elaborate if needed.
> Any hints, recommendations, URLs, or one-liners would be appreciated.
>
> Thanks in advance,
> Shane
> [EMAIL PROTECTED]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
