I've been having similar problem with FTP although not through FW-1 but
here's a couple of possibilities.
Some ftp servers use a different IP address for data connections then
they use for control connections.
This can confuse the firewall and cause it to refuse an inbound data
connection request. This also confuses Cisco's NAT implementation. To
get around this problem use a PASV client like ws_ftp32 or ftp voyager
(the native MS ftp doesn't do PASV).
However, this introduces another problem. The ftp server in MS NT 3.51
has a bug. When you attempt to use it in PASV mode it drops the first
letter of the commands you send it! So requesting a LIST results in the
error "Can't understand IST command."
It appears that Netscape's ftp implementation uses the PASV mode by
default so it will consistently fail going to NT 3.51 ftp servers. You
can check the FTP server by opening a control connection and issuing a
SYSTEM command. If it comes back NT 3.51 you'll know why ftp doesn't
work.
> -----Original Message-----
> From: Martin Velasco [SMTP:jvelasco @
solbanco .
fin .
ec]
> Sent: Thursday, September 11, 1997 5:03 PM
> To: firewalls @
greatcircle .
com
> Subject: FW-1 2.1 and IE 3.x
>
> Hi,
>
> I have this problem regarding FW-1 and IE (also with Navigator 3.x):
> I
> can't ftp through it, but rather use a separate client (such as
> ws-ftp, or
> a unix client). The logs show that the outgoing connection is
> initially
> accepted, but then it shows as if there were two connection attempts.
> I'm
> using FW-1 2.1 with an evaluation license, on NT. Don't know if any of
> you
> could give me a hint of what's going on or if this is "normal" in
> FW-1.
>
> Thanks in advance for any reply.
>
> Regards,
>
> -Martin
> /|
> ___| /
> /---\/ -----------------------------------*
> |------/ Martín Velasco *
> |------\ Guayaquil-Ecuador *
> |------- South America *
> \------ mailto:jvelasco @
solbanco .
fin .
ec *
> \__^__-----------------------------------*
|
|
