[c-nsp] ftp fixup on firewall service module

B deadheadblues at gmail.com
Wed May 5 13:20:59 EDT 2010


I don't think passive mode (from inside to outside) requires fixup. Both
channels are outbound initiated. Does the control connection get
established? Perhaps it's something else...

On Wed, May 5, 2010 at 7:29 AM, Mishka, Jason <Jason.Mishka at utoledo.edu>wrote:

> A you ftping on the default port, 21?  If not, it won't work (unless you
> specify otherwise, I believe).  The inspection engine needs to see the
> data channel port negotiation.
>
> There was also a ftp related bug prior to 3.1(10) for session
> termination but this doesn't sounds like it.  Bug check out CSCsi27512
> just in case.
>
> Jason
>
>
>
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Arne Larsen /
> Region Nordjylland
> Sent: Wednesday, May 05, 2010 6:04 AM
> To: 'cisco-nsp at puck.nether.net'
> Subject: [c-nsp] ftp fixup on firewall service module
>
> Hi all.
>
> I'm having some problems with a client connecting to a ftp server.
> The client uses passive mode, shouldn't the fixup in the service module
> take care of the data channel.
> I can se anything being dropped in firewall, but then again I don't s
> really se any traffic on the data channel.
>
> /Arne
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>


More information about the cisco-nsp mailing list