Re: [SLUG] Re: ftp problem

From: Ter (ter450@tampabay.rr.com)
Date: Tue May 14 2002 - 17:46:08 EDT


I have had some solid "sniffer" results using "Ethereal" and "Ettercap",
both GNU stuff. Some port scanners may help on the 2000 machine. LANguard
has a good one. If you haven't, try resolving the ftp client (Win 2000 box)
by IP address, rather than by DNS/URL. Did you install any "Active
Directory" on the 2000 box? (Big P.I.A... Ebola is a less deadly virus to a
network, unless all Win2000).
Pete

----- Original Message -----
From: "Gypsy" <klgeorge@mindspring.com>
To: <slug@nks.net>
Sent: Tuesday, May 14, 2002 4:08 PM
Subject: Re: [SLUG] Re: ftp problem

> On Tue, 14 May 2002 13:48:19 -0400 Ken Billings <lists@coffeehouseltd.com> wrote:
>
> >Solving something like this is difficult without knowing the specifics of the situation. I'm assuming the box that was upgraded to win2k is the firewall, right?
>
> No, the firewall is a Linksys EtherFast Cable/DSL router. The Win2k box is our network server; it replaced a WinNT box.
>
> >What is the connection path to the web server from both of your client boxes (mainly I'm wondering if you have to go through the firewall from outside _and_ inside)?
>
> We have three different static IP addresses provided by our ISP. The first is for our web server which is outside our firewall. The second is the IP address that is assigned to the firewall. The last is assigned to our VPN server which is also outside our firewall.
>
> >You said the firewall is set up the
> >same, but what _are_ those settings?
>
> It is set up with a LAN IP address & subnet mask, the internet IP address, subnet mask, DNS servers provided by our ISP, has DHCP disabled and the ftp and telnet ports are forwarded to an internal linux server. The IP address that has these ports forwarded is not the same IP address as the web server. The IP address being forwarded is XXX.XXX.XXX.123 the IP address for the web server is XXX.XXX.XXX.122.
>
> >Is ftp the only protocol that shows a problem?
>
> No, telnet, pop3, and snmp are extremely slow when accessed internally, but they will connect.
>
> >Have you tried both active and passive mode ftp?
>
> No, haven't tried that yet.
>
> >Are you getting _any_ connection at all (TCP syn/ack handshaking, login prompt)?
>
> When using Win2k's ftp program it says it's connected to the IP address and then just sits there for a while and then gives the message "connection closed by remote host". I, unfortunately, don't have access to many diagnostic tools as my company does not see the benefit of purchasing them.
>
> >Almost the first thing I do in a situation like this is to fire up a packet sniffer on all of the boxes concerned. You should see the initial SYN packet leave your client box, hit both interfaces of the firewall, and show up on the webserver. The response packet should go through them all in reverse. If you see it disappear somewhere along the way, then that's where you should be looking.
>
> I hadn't thought of this. Could you recommend one for linux?
>
> >Usually ftp problems are firewall configuration issues, especially active ftp.
>
> That's what I thought, but the firewall hasn't been changed. The only thing that is different is our network server.
>
> Our LAN and web server are not connected in any way. They have always been independent of each other and it was not until we replaced the WinNT server with the Win2k server that we started to have problems.
>
> Thanks,
>
> KL
> --
> Imagination is the seed of intelligence. Nourish it and watch it grow.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 18:30:19 EDT