Tim,

It appears the difference is that Compaq allows for PASV
and non-PASV. I can do it either way.

Have you sniffed the connection on both sides of the fw?

Robert

>>> Chilton Tim <[EMAIL PROTECTED]> 6/26/00 6:04:41 AM >>>
>
>Robert,
>
>You are right that there is a long delay between the 20 and 425 messages,
>note however that none of the sessions connect (command line FTP, WS_FTP,
>IE4, etc) so surely if it were a "hard" problem from the config of the
>firewall then all sites would be affected and I wouldn't be able to talk to
>ftp.compaq.com for example from all 3 products?
>
>What is the difference between those two sites for example -- ftp.compaq.com 
>and ftp.oracle.com ?
>
>I have tested with passive settings on the firewall turned on and off, plus
>the same passive/active settings in WS_FTP's connection.
>
>Regards
>
>Tim
>
>
>
>-----Original Message-----
>From: Robert MacDonald [mailto:[EMAIL PROTECTED]] 
>Sent: 23 June 2000 19:44
>To: [EMAIL PROTECTED]; [EMAIL PROTECTED] 
>Subject: Re: [FW1] FTP can't connect to certain servers.
>
>
>Tim,
>
>I bet you have a long pause between the 200/425
>messages.
>
>PASV does not work on Windows boxes. Here is
>what a 'normal' NT command line FTP does on
>Oracle's site (snoop from outside fw)
>
>stayout-nic -> 206.204.55.43 FTP C port=22749
>206.204.55.43 -> stayout-nic   FTP R port=22749
>  stayout-nic -> 206.204.55.43 FTP C port=22749
>206.204.55.43 -> stayout-nic   FTP R port=22749 220-Hello, Welcome t
>  stayout-nic -> 206.204.55.43 FTP C port=22749
>206.204.55.43 -> stayout-nic   FTP R port=22749 220-\r\n220-\r\n220 web5
>  stayout-nic -> 206.204.55.43 FTP C port=22749
>  stayout-nic -> 206.204.55.43 FTP C port=22749 USER anonymous\r\n
>206.204.55.43 -> stayout-nic   FTP R port=22749
>206.204.55.43 -> stayout-nic   FTP R port=22749 331 Guest login ok,
>  stayout-nic -> 206.204.55.43 FTP C port=22749
>  stayout-nic -> 206.204.55.43 FTP C port=22749 PASS [EMAIL PROTECTED] 
>206.204.55.43 -> stayout-nic   FTP R port=22749 230 Anonymous login
>  stayout-nic -> 206.204.55.43 FTP C port=22749
>  stayout-nic -> 206.204.55.43 FTP C port=22749 PORT 208,240,15,3,89
>206.204.55.43 -> stayout-nic   FTP R port=22749 200 PORT command suc
>  stayout-nic -> 206.204.55.43 FTP C port=22749 NLST\r\n
>206.204.55.43 -> stayout-nic   FTP R port=22749
>206.204.55.43 -> stayout-nic   FTP R port=22749 425 Can't build data
>  stayout-nic -> 206.204.55.43 FTP C port=22749
>
>But notice the difference when I ask IE to do this
>with ftp://ftp.oracle.com 
>
>stayout-nic -> 206.204.55.43 FTP C port=23676
>206.204.55.43 -> stayout-nic   FTP R port=23676
>  stayout-nic -> 206.204.55.43 FTP C port=23676
>206.204.55.43 -> stayout-nic   FTP R port=23676 220-Hello, Welcome t
>  stayout-nic -> 206.204.55.43 FTP C port=23676
>206.204.55.43 -> stayout-nic   FTP R port=23676 220-\r\n220-\r\n220 web5
>  stayout-nic -> 206.204.55.43 FTP C port=23676 USER anonymous\r\n
>206.204.55.43 -> stayout-nic   FTP R port=23676
>206.204.55.43 -> stayout-nic   FTP R port=23676 331 Guest login ok,
>  stayout-nic -> 206.204.55.43 FTP C port=23676 PASS IEUser@\r\n
>206.204.55.43 -> stayout-nic   FTP R port=23676 230 Anonymous login
>  stayout-nic -> 206.204.55.43 FTP C port=23676 CWD /\r\n
>206.204.55.43 -> stayout-nic   FTP R port=23676 250 CWD command succ
>  stayout-nic -> 206.204.55.43 FTP C port=23676 TYPE A\r\n
>206.204.55.43 -> stayout-nic   FTP R port=23676 200 Type set to A.\r\n
>  stayout-nic -> 206.204.55.43 FTP C port=23676 PASV\r\n
>206.204.55.43 -> stayout-nic   FTP R port=23676 227 Entering Passive
>  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693 Syn Seq=621723 Len=0 Win=8192
>206.204.55.43 -> stayout-nic   TCP D=23693 S=45609 Rst Ack=621724 Win=0
>  stayout-nic -> 206.204.55.43 FTP C port=23676
>  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693 Syn Seq=621723 Len=0 Win=8192
>206.204.55.43 -> stayout-nic   TCP D=23693 S=45609 Rst Ack=621724 Win=0
>  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693 Syn Seq=621723 Len=0 Win=8192
>206.204.55.43 -> stayout-nic   TCP D=23693 S=45609 Syn Ack=621724 Seq=760474867 Len=0 Win=64240
>  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693     Ack=760474868 Seq=621724 Len=0 Win=8760
>  stayout-nic -> 206.204.55.43 FTP C port=23676 LIST\r\n
>206.204.55.43 -> stayout-nic   FTP R port=23676 150 Opening ASCII mo
>206.204.55.43 -> stayout-nic   TCP D=23693 S=45609     Ack=621724 Seq=760474868 Len=256 Win=64240
>206.204.55.43 -> stayout-nic   TCP D=23693 S=45609 Fin Ack=621724 Seq=760475124 Len=0 Win=64240
>  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693     Ack=760475125 Seq=621724 Len=0 Win=8504
>  stayout-nic -> 206.204.55.43 TCP D=45609 S=23693 Fin Ack=760475125 Seq=621724 Len=0 Win=8504
>206.204.55.43 -> stayout-nic   TCP D=23693 S=45609     Ack=621725 Seq=760475125 Len=0 Win=64240
>  stayout-nic -> 206.204.55.43 FTP C port=23676
>206.204.55.43 -> stayout-nic   FTP R port=23676 226 Transfer complet
>  stayout-nic -> 206.204.55.43 FTP C port=23676
>
>As for the others, they are not in passive mode.
>
>HTH.
>
>Robert
>
>- -
>Robert P. MacDonald, Network Engineer
>e-Business Infrastructure
>G o r d o n   F o o d    S e r v i c e
>Voice: +1.616.261.7987 email: [EMAIL PROTECTED] 
>
>>>> Chilton Tim <[EMAIL PROTECTED]> 6/23/00 10:59:49 AM >>>
>>
>>I have a minor problem with FTP to certain sites, goes a little like this.
>>
>>ftp to ftp.compaq.com -- all OK, works via NT command line, WS_FTP, IE5 etc,
>>this is the situation for *most* sites
>>
>>Certain sites like ftp.oracle.com don't work -- I can connect and log in (as
>>anonymous), get the welcome message but an "LS" command generates the
>>following
>>
>>200 PORT command successful.
>>425 Can't build data connection: No such file or directory.
>>
>>I also know it is firewall related since a workstation outside the firewall
>>can connect properly.
>>
>>Firewall config is NT, FW1 4.1 and a CVP for FTP amongst other things.
>>
>>Anyone come across this - and for the high-score a solution to it :-> 
>>
>>Tim



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
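
Added example, not part of the thread or of any poster's code: a small Python reader for one FTP control connection that reports whether the session negotiated active (PORT) or passive (227 reply) mode, which side opens the data connection and to which address and port, and whether a 425 failure followed. The control lines are constructed samples modelled on the two traces above; the addresses are documentation-range placeholders, and the passive port bytes were chosen so the result equals the D=45609 seen in the second trace.

```python
import re

# h1,h2,h3,h4,p1,p2 tuple used by both the PORT command and the 227 reply (RFC 959)
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def parse_hostport(text):
    """Return (ip, port) from an h1,h2,h3,h4,p1,p2 tuple, or None if absent/invalid."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def analyse_control(lines):
    """lines: (direction, text) pairs; 'C' = client command, 'R' = server reply."""
    result = {"mode": None, "data_endpoint": None, "initiator": None, "failed": False}
    for direction, text in lines:
        verb = text.strip().split(" ", 1)[0].upper()
        if direction == "C" and verb == "PORT":
            # Active mode: the server connects IN to the endpoint the client announced.
            result.update(mode="active", initiator="server",
                          data_endpoint=parse_hostport(text))
        elif direction == "R" and verb == "227":
            # Passive mode: the client connects OUT to the endpoint the server announced.
            result.update(mode="passive", initiator="client",
                          data_endpoint=parse_hostport(text))
        elif direction == "R" and verb == "425":
            result["failed"] = True   # data connection could not be built
    return result

# Constructed sample sessions (not captured traffic).
ACTIVE_SESSION = [
    ("C", "USER anonymous"), ("R", "331 Guest login ok"),
    ("C", "PORT 192,0,2,10,89,12"), ("R", "200 PORT command successful."),
    ("C", "NLST"), ("R", "425 Can't build data connection"),
]
PASSIVE_SESSION = [
    ("C", "USER anonymous"), ("R", "331 Guest login ok"),
    ("C", "PASV"), ("R", "227 Entering Passive Mode (198,51,100,7,178,41)"),
    ("C", "LIST"), ("R", "150 Opening ASCII mode data connection"),
    ("R", "226 Transfer complete."),
]

if __name__ == "__main__":
    for name, session in (("active", ACTIVE_SESSION), ("passive", PASSIVE_SESSION)):
        print(name, analyse_control(session))
```

The `initiator` field is the part that matters at the firewall: an active session needs the inbound connection to the announced client port to be allowed, while a passive session only needs the outbound one.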
