FTP problems



09-25-2003
Paul Mackey
 

Hi,

I have a box with IP Filter (v3.4.31, Solaris 8, Sun 420) running along
with an FTP proxy (jftpgw).

client -> idmz: | FW | :edmz -> FTP server

The client logs into the proxy by connecting to the IDMZ interface on
the firewall. He then logs into the FTP server with anonymous@FTP
Server. This goes fine. Listings can be done and the data channel can be
established.

When trying to send up a large file ~ 100MB the upload starts ok and
seems to keep working but all of a sudden the state closes down and
traffic from the FTP server is denied.

I have map rules on top of ipnat.conf as follows:

map qfe0 0/0 -> 0/32 proxy port 21 ftp/tcp
map qfe5 0/0 -> 0/32 proxy port 21 ftp/tcp

I have FTP passive/active port range open:

#
# FTP proxy Passive
#
block in quick on qfe0 proto tcp from any to IDMZ-IP port = 20 head 460 group 2
pass in log first quick on qfe0 proto tcp from any to IDMZ-IP port 32767 >< 49152 flags S keep state group 460
block in log first quick on qfe0 from any to any group 460

#
# FTP proxy Passive
#
block in quick on qfe5 proto tcp from any to EDMZ-IP port 32767 >< 49152 head 475 group 3
pass in log first quick on qfe5 proto tcp from any to EDMZ-IP port 32767 >< 49152 flags S keep state group 475
block in log first quick on qfe5 from any to any group 475

Log:

Sep 25 15:09:47 picsbh6 jftpgw[14112]: [ID 702911 daemon.debug] Read
(1): STOR paultest.bin
Sep 25 15:09:47 picsbh6 jftpgw[14112]: [ID 702911 daemon.debug] Send
(server - 2): STOR paultest.bin^M
Sep 25 15:09:47 picsbh6 jftpgw[14112]: [ID 702911 daemon.debug]
Write(2): STOR paultest.bin^M
Sep 25 15:09:47 picsbh6 jftpgw[14112]: [ID 702911 daemon.debug] Read
(2): 150 Opening BINARY mode data connection for paultest.bin.
Sep 25 15:09:47 picsbh6 jftpgw[14112]: [ID 702911 daemon.debug]
Write(1): 150 Opening BINARY mode data connection for paultest.bin.^M
Sep 25 15:09:47 picsbh6 jftpgw[14112]: [ID 702911 daemon.debug] Send
(client - 1): 150 Opening BINARY mode data connection for
paultest.bin.^M
Sep 25 15:09:47 picsbh6 jftpgw[14112]: [ID 702911 daemon.debug] Opening
the active FTP port 34119 on CLIENT-IP
Sep 25 15:09:47 picsbh6 jftpgw[14112]: [ID 702911 daemon.debug] Trying
to get a free source port on address IDMZFW-IP
Sep 25 15:09:47 picsbh6 jftpgw[14112]: [ID 702911 daemon.debug] Found
free port 42956 after 0 tries
Sep 25 15:09:47 picsbh6 jftpgw[14112]: [ID 702911 daemon.info]
Throughputrate is -1.000
Sep 25 15:09:47 picsbh6 ipmon[364]: [ID 702911 local0.notice]
15:09:47.550281 qfe5 @475:1 p 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 60 -S 771141877 0 65535 K-S IN
Sep 25 15:09:47 picsbh6 ipmon[364]: [ID 702911 local0.notice]
15:09:47.598434 qfe0 @625:7 p IDMZ-IP,42956 -> CLIENT-IP,34119 PR tcp
len 20 48 -S 661318002 0 24820 K-S OUT
Sep 25 15:09:47 picsbh6 ipmon[364]: [ID 702911 local0.info]
15:09:47.550270 STATE:NEW 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
Sep 25 15:09:47 picsbh6 ipmon[364]: [ID 702911 local0.info]
15:09:47.598422 STATE:NEW IDMZ-IP,42956 -> CLIENT-IP,34119 PR tcp

After a little while:

Sep 25 15:10:15 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:10:15.610768 12x qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR
tcp len 20 52 -A 771141878 669733519 32148 IN
Sep 25 15:11:53 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:11:53.369285 79x qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR
tcp len 20 52 -A 771141878 715033911 32148 IN
Sep 25 15:11:54 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:11:54.362250 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:11:56 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:11:56.361252 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:12:00 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:12:00.361881 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:12:08 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:12:08.361512 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:12:24 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:12:24.361450 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:12:56 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:12:56.361542 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:13:57 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:13:56.362087 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:14:57 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:14:56.361868 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:15:57 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:15:56.362270 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:16:57 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:16:56.361908 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:17:57 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:17:56.361621 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:18:57 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:18:56.361445 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -A 771141878 715035279 32148 IN
Sep 25 15:31:53 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:31:53.400148 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:31:54 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:31:54.713668 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:31:56 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:31:56.243227 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:31:59 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:31:59.302825 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:32:05 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:32:05.424036 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:32:17 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:32:17.654004 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:32:42 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:32:42.124308 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:33:31 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:33:31.036281 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:34:36 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:34:36.267319 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:35:41 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:35:41.519781 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:36:47 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:36:46.710085 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:37:52 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:37:51.921660 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:38:58 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:38:57.143317 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:40:03 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:40:02.394970 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AF 771141878 715035279 32148 IN
Sep 25 15:41:08 picsbh6 ipmon[364]: [ID 702911 local0.warning]
15:41:07.576601 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp
len 20 52 -AR 771141879 715035279 32148 IN

ipfstat -slv shows still in state:

207.25.253.21 -> EDMZ-IP ttl 168692 pass 0x500a pr 6 state 4/4
pkts 74009 bytes 57939348 20 -> 38578 2df6b0f6:2aa02b5b
32148<<2:24624<<0
pass in quick keep state IPv4
pkt_flags & 2(b2) = b, pkt_options & ffffffff = 0
pkt_security & ffff = 0, pkt_auth & ffff = 0
interfaces: in qfe5,- out -,qfe5

Any help would be much appreciated.

Thanks,
Paul


--
NOTICE: If received in error, please destroy and notify sender. Sender
does not waive confidentiality or privilege, and use is prohibited.
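
Added example, not part of the original post: a Python parser for the ipmon packet records shown above that reports flows first passed with keep state (K-S) and later blocked, which is the symptom visible in this log. The sample lines are records from the post with the line wrapping removed; the function name and result fields are assumptions of this example.

```python
import re

# One ipmon TCP packet record; the optional "12x" prefix is ipmon's repeat count.
PKT = re.compile(
    r"(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?:(?P<n>\d+)x\s+)?(?P<ifc>\S+)\s+"
    r"@(?P<rule>\d+:\d+)\s+(?P<act>[a-zA-Z])\s+"
    r"(?P<src>\S+),(?P<sp>\d+)\s+->\s+(?P<dst>\S+),(?P<dp>\d+)\s+PR\s+tcp\s+"
    r"len\s+\d+\s+\d+\s+-(?P<flags>[A-Z]+)(?P<rest>.*)$"
)

# Constructed sample: a subset of the post's log lines, unwrapped.
SAMPLE = [
    "Sep 25 15:09:47 picsbh6 ipmon[364]: [ID 702911 local0.notice] 15:09:47.550281 qfe5 @475:1 p 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp len 20 60 -S 771141877 0 65535 K-S IN",
    "Sep 25 15:09:47 picsbh6 ipmon[364]: [ID 702911 local0.notice] 15:09:47.598434 qfe0 @625:7 p IDMZ-IP,42956 -> CLIENT-IP,34119 PR tcp len 20 48 -S 661318002 0 24820 K-S OUT",
    "Sep 25 15:09:47 picsbh6 ipmon[364]: [ID 702911 local0.info] 15:09:47.550270 STATE:NEW 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp",
    "Sep 25 15:10:15 picsbh6 ipmon[364]: [ID 702911 local0.warning] 15:10:15.610768 12x qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp len 20 52 -A 771141878 669733519 32148 IN",
    "Sep 25 15:11:53 picsbh6 ipmon[364]: [ID 702911 local0.warning] 15:11:53.369285 79x qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp len 20 52 -A 771141878 715033911 32148 IN",
    "Sep 25 15:11:54 picsbh6 ipmon[364]: [ID 702911 local0.warning] 15:11:54.362250 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp len 20 52 -A 771141878 715035279 32148 IN",
    "Sep 25 15:31:53 picsbh6 ipmon[364]: [ID 702911 local0.warning] 15:31:53.400148 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp len 20 52 -AF 771141878 715035279 32148 IN",
    "Sep 25 15:41:08 picsbh6 ipmon[364]: [ID 702911 local0.warning] 15:41:07.576601 qfe5 @475:2 b 207.25.253.21,20 -> EDMZ-IP,38578 PR tcp len 20 52 -AR 771141879 715035279 32148 IN",
]

def find_state_drops(lines):
    """Return {flow: summary} for flows passed with keep state, then blocked."""
    kept, drops = {}, {}
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue  # jftpgw debug lines, STATE:NEW records, etc.
        flow = (m["src"], int(m["sp"]), m["dst"], int(m["dp"]))
        if m["act"] == "p" and "K-S" in m["rest"]:
            kept[flow] = m["rule"]            # rule that created the state entry
        elif m["act"] == "b" and flow in kept:
            d = drops.setdefault(flow, {
                "state_rule": kept[flow], "block_rule": m["rule"],
                "first": m["ts"], "packets": 0, "flags": []})
            d["packets"] += int(m["n"] or 1)  # honour the "Nx" repeat count
            if m["flags"] not in d["flags"]:
                d["flags"].append(m["flags"])
    return drops

if __name__ == "__main__":
    for flow, d in find_state_drops(SAMPLE).items():
        print(flow, d)
```

Log lines must be unwrapped to one record per line before they are passed in.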

