Cisco Support Community
New Member

PIX 6.2 and fast FTP in passive mode

Hello all,

I have an issue with a PIX and fast passive FTP connection sending multiple files. The source of the "problem" is the following: when receiving requests for 2 or more STORs quickly one after the other, my FTP Daemon (wu-ftpd) proposes the same destination port for the data connections. This seems to be fine with the RFCs, and it works pretty well as long as the PIX is not involved. However, the ftp fixup seems to ignore that there was a second PASV command issued that received that same answer and thus denies the second data connection.

In a more schematic way:

client -> server

PASV ->

<- PASV x,x,x,x,4,10

STOR ->

(data transfer is done correctly)

(connection a.a.a.a:1030 -> x.x.x.x:1034)

PASV ->

<- PASV x,x,x,x,4,10 (same port!)

STOR ->

(data connection is denied by PIX)

(attempted connection a.a.a.a:1031 -> x.x.x.x:1034)

Could anyone offer some hints on this? Maybe some parameters on the ftp fixup?

BTW, allowing all connections to the ftp server on any port above 1024 solves the problem, but I don't need a PIX to do that....

Best,

Gilles
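
Added example, not part of the original post and not Cisco's implementation: a toy Python model of a stateful FTP inspector replaying the exchange above, where each 227 reply is assumed to permit exactly one data connection. `PinholeTable`, `replay`, the `rearm_on_repeat` switch and the address 192.0.2.10 (standing in for x.x.x.x) are hypothetical names and values chosen for illustration.

```python
import re

# RFC 959 passive reply: "227 ... (h1,h2,h3,h4,p1,p2)", data port = p1*256 + p2
PASV_RE = re.compile(r"\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")

def parse_pasv(reply):
    """Return (ip, port) advertised by a 227 reply, or None if it is malformed."""
    m = PASV_RE.search(reply)
    if not reply.startswith("227") or m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class PinholeTable:
    """Assumed model: every accepted 227 reply opens a one-shot pinhole."""
    def __init__(self, rearm_on_repeat):
        self.rearm_on_repeat = rearm_on_repeat
        self.seen = set()   # endpoints advertised at least once
        self.open = set()   # endpoints currently allowed one connection

    def on_reply(self, reply):
        ep = parse_pasv(reply)
        if ep is None or (ep in self.seen and not self.rearm_on_repeat):
            return  # a repeated identical advertisement is ignored (suspected behaviour)
        self.seen.add(ep)
        self.open.add(ep)

    def on_syn(self, ip, port):
        if (ip, port) in self.open:
            self.open.discard((ip, port))  # the pinhole is consumed by this connection
            return "permit"
        return "deny"

def replay(events, rearm_on_repeat):
    """Feed control-channel replies and data-channel SYNs through the table."""
    table = PinholeTable(rearm_on_repeat)
    verdicts = []
    for kind, value in events:
        if kind == "reply":
            table.on_reply(value)
        else:
            verdicts.append(table.on_syn(*value))
    return verdicts

# Constructed session mirroring the post: two PASV replies advertising port 4,10 = 1034
SESSION = [("reply", "227 Entering Passive Mode (192,0,2,10,4,10)"),
           ("syn", ("192.0.2.10", 1034))] * 2
```

With `rearm_on_repeat=False` the second data connection is denied, matching the symptom; with `True` both are permitted while ports that were never advertised stay closed, unlike the "allow everything above 1024" workaround.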

2 REPLIES
New Member

Re: PIX 6.2 and fast FTP in passive mode

What happens when you type passive at the ftp prompt before trying to get/put data?

New Member

Re: PIX 6.2 and fast FTP in passive mode

I'm not sure I'm getting your point. Nothing happens: the client switches to active and no transfer at all is possible (not even a first file). But that's the expected behaviour.

The ftp _seems_ to work as it should, unless there is some RFC that forbids the reuse of a port for data transfer....

Gilles
