Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
536
Views
0
Helpful
2
Replies

PIX 6.2 and fast FTP in passive mode

gmassen
Level 1
Level 1

‎12-13-2002 09:55 AM - edited ‎02-20-2020 10:26 PM

Hello all,

I have an issue with a PIX and fast passive FTP connection sending multiple files. The source of the "problem" is the following: when receiving requests for 2 or more STORs quickly one after the other, my FTP Daemon (wu-ftpd) proposes the same destination port for the data connections. This seems to be fine with the RFCs, and it works pretty well as long as the PIX is not involved. However, the ftp fixup seems to ignore that there was a second PASV command issued that received that same answer and thus denies the second data connection.

In a more schematic way:

client -> server

PASV ->

<- PASV x,x,x,x,4,10

STOR ->

(data transfer is done correctly)

(connection a.a.a.a:1030 -> x.x.x.x:1034)

PASV ->

<- PASV x,x,x,x,4,10 (same port!)

STOR ->

(data connection is denied by PIX)

(attempted connection a.a.a.a:1031 -> x.x.x.x:1034)

Could anyone offer some hints on this? Maybe some parameters on the ftp fixup?

BTW, allowing all connections to the ftp server on any port above 1024 solves the problem, but I don't need a PIX to do that....

Best,

Gilles

0 Helpful
2 Replies 2

dawsonpa
Level 1
Level 1

‎12-23-2002 12:25 AM

what happens when you type passive at the ftp prompt before trying to get/put data?

0 Helpful

gmassen
Level 1
Level 1
In response to dawsonpa

‎12-23-2002 12:37 AM

I'n not sure I'm getting your point. Nothing happens: the client switches to active and no transfer at all is possible (not even a first file). But that's the expected behaviour.

The ftp _seems_ to work as it should, unless there is some RFC that forbids the reuse of a port for data transfer....

Gilles

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card