--- Begin Message ---
Title: Re: [FW1] Bizarre ftp problems
Me too, see my posting "Problems with non-passive FTP" on Monday
(11/09/00). Passive FTP does work for us, but normal-mode gives
exactly the same error you described. I have also tried the #FTPPORT
and #FTP_NL_ENFORCE code mods in base.def to no effect.
Is everyone else using just passive-mode FTP? Anyone using
normal-mode FTP on 4.1 SP2 successfully?
Steve
>>> "Mike Hoffos" <[email protected]> 12/09/00 19:41:11 >>>
The clients are all sun machines using command line ftp. They
successfully
login, but any command after that and they get the 421 error --
including
the attempt to use pasv.
Non-passive:
> 220 merlin FTP server (SunOS 4.1) ready.
> Name (ftp.openbsd.org:root): ftp
> 331 Guest login ok, send your email address as password.
> Password:
> 230- Guest login ok, access restrictions apply.
> 230- Local time is: Tue Sep 12 12:37:26 2000
> 230
> ftp> dir
> 421 Service not available, remote server has closed connection
> ftp>
Passive attempt:
220 merlin FTP server (SunOS 4.1) ready.
Name (ftp.openbsd.org:root): ftp
331 Guest login ok, send your email address as password.
Password:
230- Guest login ok, access restrictions apply.
230- Local time is: Tue Sep 12 12:38:18 2000
230
ftp> quot pasv
227 Entering Passive Mode (129,128,5,191,164,36)
ftp> dir
421 Service not available, remote server has closed connection
ftp>
I have tried the #FTPPORT solution to remove the newline requirement,
and I
have also done the commenting out of #FTP_NL_ENFORCE.
The same behaviour is exhibited by people trying to ftp into a server
behind
our firewall. Looks OK, but any command attempt gives the 421 error.
Any other suggestions? I am getting an intense amount of pressure now
from
people around here.
Mike
Hal Dorsman wrote:
> By "pasv mode or not", do you mean you are changing
> the option on the firewall, or in the client. I have
> seen the same thing and tt is a client issue. Go into
> your client setup and enable PASV mode. This should
> fix it for you. Some clients have pasv enabled by
> default (I think MS, and Solaris command line worked),
> but WSFTP did not, just as you described. Enabling
> pasv in the options fixed it.
>
> Hal
>
> Hal Dorsman
> Data Network Engineer
> Blackfoot Telephone Cooperative
> Missoula, Montana, USA
> [email protected]
>
>
> -----Original Message-----
> From: Mike Hoffos [mailto:[email protected]]
> Sent: Tuesday, September 12, 2000 11:46 AM
> To: [email protected]
> Subject: [FW1] Bizarre ftp problems
>
> I am having an urgent problem, and need any advice I can get.
>
> The firewall is 4.1SP2 on Solaris 7.
>
> Clients behind the firewall cannot successfully ftp out to
anywhere,
> pasv mode or not. All that is returned by any server I try is 421
> Service not available (after they successfully login).
>
> Even more strange (to me, but perhaps they are related) is that
ftp's
> into allowed servers behind the firewall give external clients the
exact
> behaviour. Machines in front of the firewall can successfully ftp
out
> (but not to NATd machines behind the firewall, then they get the
421
> error as mentioned above).
>
> As anyone seen this before? Is there a resolution?
>
> Thanks,
> Mike Hoffos
> Technical Architect
> Infocast Corporation
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
--- End Message ---