Re: [FW1] Possible FTP timeouts from MS boxes

Tue, 28 Aug 2001 04:16:28 -0700 


Mike,

This is definitely MS problem. I have seen this before and had the same 
problem. One solution is to use passive FTP.

I have looked at the snoop packets very closely and confirmed this. This is 
what happens -

When active FTP is used the FTP server provides the data connection port, 
and switches the ports randomly for data transfer. As long as the client is 
able to treat this port change correctly there is no problem. However the 
client ( NT box ) somehow cannot handle this properly all the time. So the 
server has switched the port and now the server as well as the FW-1 are 
expecting connection on this switched port, but the client somehow does not 
seem to have the new port info and uses the port used for the previous 
connection, which the FW-1 religiously rejects/drops it.

Good luck !!!

Devendra Murmu
Salomon Smith Barney
390 Greenwich Street, 6th Floor
New York, NY 10013
(212) 723-5475
[EMAIL PROTECTED]



>From: "Cross, Michael" <[EMAIL PROTECTED]>
>To: <[EMAIL PROTECTED]>
>Subject: [FW1] Possible FTP timeouts from MS boxes
>Date: Wed, 22 Aug 2001 17:26:20 -0400
>
>All,
>
>I am having an issue where I am FTPing a large number of small files
>from an NT to a Solaris box in the DMZ.  The firewall is allowing the
>data through but for some reason the connection gets closed prematurely
>ending the FTP before all the files are transferred.
>
>I had recently moved the solaris box from an old firewall (3.0b) to a
>new firewall (4.1).  The problem didnt appear until after the move.
>
>To make matters worse, I have tested it on a few windows boxes and they
>all seem to have the same problem...and...I have tested it on a a few
>unix boxes and they work without a problem.
>
>I have spoken with some people who mumble stuff about MS and the IP
>stack during FTP, but I have never heard anything about that.
>
>Has anyone seen this kind of problem before or anything like it?
>
>Thanks
>
>MCross


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to