Re: [FW1] ftp problems

Wed, 20 Sep 2000 13:17:06 -0700 


We ran into a similar problem trying to FTP through the firewall both
ways. File size did not matter 110 kb or 50 mb. Our issue was an
intermittent problem that was fairly hard to replicate. Sometimes it
would not have a problem sometimes it would. Passive and active didn't
matter nor did the TCP high ports fix that Checkpoint suggested. We did
a TCP dump and it seems as if the Firewall as accepting a FIN ACK before
all of the data was passed through. At first we thought it was a problem
with the way the FTP servers TCP/IP stacks were configured but alas this
was not the case the same issue arose when using a SUN server as an FTP
box. Finally we looked into the inspect code that Checkpoint uses but
could not track down the issue. I don't know if any of this helps but
maybe some one actually figured out what was going on.

Rick

Tom Heyworth wrote:
> 
> Hi, i'm having problems with ftp connections to some ftp sites
> (ftp.compaq.com   ftp.barrysworld.com for instance) from behind my firewall
> (Firewall-1 4.1 on Redhat 6.2) i'm not blocking anything specific except all
> connections to the firewall it's self. I have checked the log to see if
> anything is getting denied, theres not. I have put the firewall ip in the
> DNS to see if this makes any difference - it doesn't. Has anyone got any
> ideas why this is happening and how to 'fix' it? or is it just my firewall?
> (try ftp'ing to ftp.compaq.com)
> 
> thanks
> 
> Tom Heyworth
> 
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================

-- 
Rick McElroy            
Booz�Allen & Hamilton
1615 Murray Canyon Road
Suite 220
San Diego, CA 92108

619-725-6608


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to