[c-nsp] ftp fixup on firewall service module

Ge Moua moua0100 at umn.edu
Wed May 5 13:49:40 EDT 2010 

yes, I've seen these on our fwsms on 3.x code; the current 4.x code 
seems to have fix this.

--
Regards,
Ge Moua
Network Design Engineer

University of Minnesota | OIT - NTS
--


On 5/5/10 12:20 PM, B wrote:
> I don't think passive mode (from inside to outside) requires fixup. Both
> channels are outbound initiated. Does the control connection get
> established? Perhaps it's something else...
>
> On Wed, May 5, 2010 at 7:29 AM, Mishka, Jason<Jason.Mishka at utoledo.edu>wrote:
>
>    
>> A you ftping on the default port, 21?  If not, it won't work (unless you
>> specify otherwise, I believe).  The inspection engine needs to see the
>> data channel port negotiation.
>>
>> There was also a ftp related bug prior to 3.1(10) for session
>> termination but this doesn't sounds like it.  Bug check out CSCsi27512
>> just in case.
>>
>> Jason
>>
>>
>>
>> -----Original Message-----
>> From: cisco-nsp-bounces at puck.nether.net
>> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Arne Larsen /
>> Region Nordjylland
>> Sent: Wednesday, May 05, 2010 6:04 AM
>> To: 'cisco-nsp at puck.nether.net'
>> Subject: [c-nsp] ftp fixup on firewall service module
>>
>> Hi all.
>>
>> I'm having some problems with a client connecting to a ftp server.
>> The client uses passive mode, shouldn't the fixup in the service module
>> take care of the data channel.
>> I can se anything being dropped in firewall, but then again I don't s
>> really se any traffic on the data channel.
>>
>> /Arne
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>>      
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
>

More information about the cisco-nsp mailing list