On Tue, 14 May 2002 13:48:19 -0400 Ken Billings <lists@coffeehouseltd.com> wrote:
>Solving something like this is difficult without knowing the specifics of the situation. I'm assuming the box that was upgraded to win2k is the firewall, right?
No, the firewall is a Linksys EtherFast Cable/DSL router. The Win2k box is our network server; it replaced a WinNT box.
>What is the connection path to the web server from both of your client boxes (mainly I'm wondering if you have to go through the firewall from outside _and_ inside)?
We have three different static IP addresses provided by our ISP. The first is for our web server which is outside our firewall. The second is the IP address that is assigned to the firewall. The last is assigned to our VPN server which is also outside our firewall.
>You said the firewall is set up the
>same, but what _are_ those settings?
It is set up with a LAN IP address & subnet mask, the internet IP address, subnet mask, DNS servers provided by our ISP, has DHCP disabled and the ftp and telnet ports are forwarded to an internal linux server. The IP address that has these ports forwarded is not the same IP address as the web server. The IP address being forwarded is XXX.XXX.XXX.123; the IP address for the web server is XXX.XXX.XXX.122.
>Is ftp the only protocol that shows a problem?
No, telnet, pop3, and snmp are extremely slow when accessed internally, but they will connect.
>Have you tried both active and passive mode ftp?
No, haven't tried that yet.
>Are you getting _any_ connection at all (TCP syn/ack handshaking, login prompt)?
When using Win2k's ftp program it says it's connected to the IP address and then just sits there for a while and then gives the message "connection closed by remote host". I, unfortunately, don't have access to many diagnostic tools as my company does not see the benefit of purchasing them.
>Almost the first thing I do in a situation like this is to fire up a packet sniffer on all of the boxes concerned. You should see the initial SYN packet leave your client box, hit both interfaces of the firewall, and show up on the webserver. The response packet should go through them all in reverse. If you see it disappear somewhere along the way, then that's where you should be looking.
I hadn't thought of this. Could you recommend one for linux?
>Usually ftp problems are firewall configuration issues, especially active ftp.
That's what I thought, but the firewall hasn't been changed. The only thing that is different is our network server.
Our LAN and web server are not connected in any way. They have always been independent of each other and it was not until we replaced the WinNT server with the Win2k server that we started to have problems.
Thanks,
KL
-- Imagination is the seed of intelligence. Nourish it and watch it grow.