Re: [FW1] FTP Broken after upgrade to SP6 on Solaris

Tue, 13 Jun 2000 13:04:56 -0700 


On Jun 12, 17:53, Josh Rivel wrote:
> Subject: [FW1] FTP Broken after upgrade to SP6 on Solaris
>
> Hi.
> We just upgraded our Firewall-1 machine (Solaris 2.5.1) from 4.0
> to 4.0 SP6.
> Since then FTP through the firewall seems to be broken. I have "Enable
> FTP/PASV mode" checked under the policy properties. When connecting from
> outside our network and doing a 'ls' command seems to hang it (Of course
> we have not been able to duplicate this) And it seems to mostly hang
> with Windows gui FTP clients, but yet some of our customers have it
> happen repeatedly. It gives an error message about being unable to build
> a proper port.

This does not help ypu, but I have another problem. I noticed it after SP6
was installed.

When using the FTP Security Server some sites cannot longer be used.
ftp.compaq.com and ftp.nai.com are unusable while ftp.oracle.com and
sunsolve.sun.de still work.
Unusable means:
AFter logging in the SEcurity server says
421 Service not available, remote server has closed connection
Snooping the net I see that after the (rather long) welcome message from
the FTP server has been received, the firewall sends a RST.

In the aftpd.log File I found:
af_init_allowed_cmds: unable to locate ftp_allowed_cmds using default list

After I added the aproppriate string to the :props-Section this entry no
longer appears. Nevertheless, this did not solve the problem.

When I make a catch-rule defining the FTP service without resource for the
above-mentioned hosts FTP works fine.

Is this really  SP6's fault? The fw runs on an Ultra10 with Solaris 7 and
the latest patches (all of them which can be installed (removed some
software packages)).

Any clues?

-Wolfram



-- 
Email: [EMAIL PROTECTED]
Voice: +49 711 970 2431
Fax: +49 711 970 2401
Office: Fraunhofer IAO, Holzgartenstr. 17, 70174 Stuttgart, Germany


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to