Date: Thu, 09 Nov 2000 14:25:28 -0800 From: David Greenman <dg@root.com> To: cjclark@alum.mit.edu Cc: Dag-Erling Smorgrav <des@ofug.org>, Terry Lambert <tlambert@primenet.com>, chat@FreeBSD.ORG Subject: Re: ftp.freebsd.org b0rked? Message-ID: <200011092225.OAA08474@implode.root.com> In-Reply-To: Your message of "Thu, 09 Nov 2000 10:41:10 PST." <20001109104110.A91691@149.211.6.64.reflexcom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
>On Tue, Oct 31, 2000 at 10:11:38AM +0100, Dag-Erling Smorgrav wrote: >> Terry Lambert <tlambert@primenet.com> writes: >> > I have seen this with particular firewalls (I think CheckPoint >> > was one), where they attempt to do state tracking on FTP, and >> > fail to be able to do that and do address rewriting at the same >> > time. >> >> Not relevant. I'm using real IP addresses and the connection is >> dropped immediately after the PASS command, no matter what password I >> actually send. There is a FW1 upstream, but it's supposed to let all >> traffic to and from my subnet through untouched. >> >> David - is there any way we can try to debug this? I guess the first >> thing to try is if it's specific to dgftpd - do you have another site >> that runs dgftpd I can test against? > >Better late than never? We had a problem with our FW-1 after an >"upgrade." Here is a source that sums up the different approaches to >the issue, > > http://www.securityportal.com/topnews/weekly/checkpoint20000918.html > >Scroll down to the "Multiple Problems with FTP After Upgrading" >section. HTH. I don't see how dg-ftpd is doing anything wrong. It always replies with CRLF terminated lines on the command channel as RFC-959 requires. ...so I don't think this is the cause. The problem appears to be a real bug in the checkpoint firewall code. -DG David Greenman Co-founder, The FreeBSD Project - http://www.freebsd.org President, TeraSolutions, Inc. - http://www.terasolutions.com Pave the road of life with opportunities. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200011092225.OAA08474>