Great Circle Associates Firewalls
(October 1997)
 


Subject: RE: Checkpoint and FWTK 1.2 ftp proxy hangs
From: Rick Murphy <rick @ paimail . com>
Date: Wed, 01 Oct 1997 22:27:32 -0400
To: Joseph Judge <joej @ joesmac . ultranet . com>
Cc: "firewalls @ GreatCircle . COM" <firewalls @ GreatCircle . COM>, "'Bob Gerrish'" <u-rpg @ nta . com>
In-reply-to: <01BCCDE3 . 482CD820 @ zandar . judgefamily . org>

Firewall-1 (at least older versions, they may have fixed this in current
software) requires that the FTP "PORT" command arrive complete in a single
IP packet. The older FWTK ftp-gw sent the PORT command in one write, then
sent the terminating CR/LF in a second write. While this does not violate the
protocol,
it was not what the Firewall-1 FTP code expected. We used to joke about the
fact that the supposed "stateful" firewall couldn't keep state across two
packets :-) I changed the ftp-gw to send the PORT command in a single
write, thus working around the FW-1 bug. (To be fair, there are other firewall
products that have the same bug - even application proxy firewalls, which fact
I found rather surprising..)
	-Rick
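
The behaviour described in the message above, as an added example that is not part of the original post and is not FWTK or Firewall-1 code: a per-segment check misses a PORT command whose CR/LF arrives in a second write, while a check that buffers the control stream recovers it. All function names, the 512-byte line cap and the sample address are assumptions made for illustration.

```python
import re

# RFC 959 PORT argument: h1,h2,h3,h4,p1,p2 (line given without its CR/LF)
PORT_RE = re.compile(rb"^PORT ((?:\d{1,3},){5}\d{1,3})$", re.I)

def parse_port_line(line):
    """Return (ip, port) for one complete PORT line, else None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(b",")]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def per_segment_inspect(segments):
    """Fragile: assumes each TCP segment carries one whole command."""
    found = []
    for seg in segments:
        hit = parse_port_line(seg[:-2]) if seg.endswith(b"\r\n") else None
        if hit:
            found.append(hit)
    return found

class ControlChannelInspector:
    """Keeps state across segments; parses only CR/LF-terminated lines."""
    MAX_LINE = 512  # assumed cap so an unterminated line cannot grow forever

    def __init__(self):
        self.buf = b""

    def feed(self, data):
        self.buf += data
        found = []
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            hit = parse_port_line(line)
            if hit:
                found.append(hit)
        if len(self.buf) > self.MAX_LINE:
            raise ValueError("control line exceeds MAX_LINE without CR/LF")
        return found

def stream_inspect(segments):
    insp = ControlChannelInspector()
    return [hit for seg in segments for hit in insp.feed(seg)]

# Constructed sample: the same command sent in one write and in two writes
ONE_WRITE = [b"PORT 192,0,2,10,4,1\r\n"]
TWO_WRITES = [b"PORT 192,0,2,10,4,1", b"\r\n"]
```
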


