[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Bizarre ftp problems
Me too, see my posting "Problems with non-passive FTP" on Monday (11/09/00). Passive FTP does work for us, but normal-mode gives exactly the same error you described. I have also tried the #FTPPORT and #FTP_NL_ENFORCE code mods in base.def to no effect. Is everyone else using just passive-mode FTP? Anyone using normal-mode FTP on 4.1 SP2 successfully? Steve >>> "Mike Hoffos" <[email protected]> 12/09/00 19:41:11 >>> The clients are all sun machines using command line ftp. They successfully login, but any command after that and they get the 421 error -- including the attempt to use pasv. Non-passive: > 220 merlin FTP server (SunOS 4.1) ready. > Name (ftp.openbsd.org:root): ftp > 331 Guest login ok, send your email address as password. > Password: > 230- Guest login ok, access restrictions apply. > 230- Local time is: Tue Sep 12 12:37:26 2000 > 230 > ftp> dir > 421 Service not available, remote server has closed connection > ftp> Passive attempt: 220 merlin FTP server (SunOS 4.1) ready. Name (ftp.openbsd.org:root): ftp 331 Guest login ok, send your email address as password. Password: 230- Guest login ok, access restrictions apply. 230- Local time is: Tue Sep 12 12:38:18 2000 230 ftp> quot pasv 227 Entering Passive Mode (129,128,5,191,164,36) ftp> dir 421 Service not available, remote server has closed connection ftp> I have tried the #FTPPORT solution to remove the newline requirement, and I have also done the commenting out of #FTP_NL_ENFORCE. The same behaviour is exhibited by people trying to ftp into a server behind our firewall. Looks OK, but any command attempt gives the 421 error. Any other suggestions? I am getting an intense amount of pressure now from people around here. Mike Hal Dorsman wrote: > By "pasv mode or not", do you mean you are changing > the option on the firewall, or in the client. I have > seen the same thing and tt is a client issue. Go into > your client setup and enable PASV mode. This should > fix it for you. Some clients have pasv enabled by > default (I think MS, and Solaris command line worked), > but WSFTP did not, just as you described. Enabling > pasv in the options fixed it. > > Hal > > Hal Dorsman > Data Network Engineer > Blackfoot Telephone Cooperative > Missoula, Montana, USA > [email protected] >> > -----Original Message----- > From: Mike Hoffos [mailto:[email protected]] > Sent: Tuesday, September 12, 2000 11:46 AM > To: [email protected] > Subject: [FW1] Bizarre ftp problems > > I am having an urgent problem, and need any advice I can get. > > The firewall is 4.1SP2 on Solaris 7. > > Clients behind the firewall cannot successfully ftp out to anywhere, > pasv mode or not. All that is returned by any server I try is 421 > Service not available (after they successfully login). > > Even more strange (to me, but perhaps they are related) is that ftp's > into allowed servers behind the firewall give external clients the exact > behaviour. Machines in front of the firewall can successfully ftp out > (but not to NATd machines behind the firewall, then they get the 421 > error as mentioned above). > > As anyone seen this before? Is there a resolution? > > Thanks, > Mike Hoffos > Technical Architect > Infocast Corporation ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|