lubomir_cerny
Level 12

How to test active FTP connection via CLI console ?

Hi folks,

We have trouble setting up an active FTP connection via MWG7 (7.1.6.0 or 7.2.0) behind a Checkpoint firewall with stateful detection. An incoming connection is allowed only if the outgoing connection is set up first. The LIST command is OK using the MWG FTP proxy module on port 2121. FTP connection ends with

In the FW logs, there is even NO incoming connection from the FTP server back to MWG as client ...

On end user PC, FTP client shows:

Status:    Connection exstablished, waiting for welcome page

Response:    220 McAfee Web Gateway 7.1.0 build 12651

Command:    USER domain\username

Response    331 User name okay, need password.

Command:    PASS ******

Response:    230 User logged in, proceed.

Command:    USER ixxx@ftp.xxx.cxx

Response    331 User name okay, need password.

Command:    PASS ******

Response:    230 User ixxx logged in.

Command:    SYST

Response:    215 Windows_NT

Command:    FEAT

Response:    211-Features:

Response:      SIZE

Response:      MDTM

Response:    211 End

Status:    Connected

Status:    Recieving folder list...

PWD

Response:    257 "/isdl"

Command:    TYPE I

Response:    200 Type set to I.

Command:    PORT 172,17,100,111,16,21

Response:    200 Command okay.

Command:    LIST

Response:    150 File status okay; about to open data connection.

The strange thing is that if I bypass the proxy and try a direct active connection via the same client, the connection is OK. Also, the old Squid proxy is able to establish an active FTP connection to the same server.

Is there any way to test the FTP connection from the CLI console to be sure the proxy appliance is able to connect?

UPDATE: I have tested the FTP connection using the lftp console client and it is able to open an active FTP connection and parse data. Troubles are still with parsing data from the connection opened via the MWG FTP proxy.

Another thing is that there are special settings for lftp (/etc/lftp.conf) to parse data for the Microsoft FTP service.

Message was edited by: lubomir.cerny on 5/15/12 12:19:24 PM CEST
0 Kudos
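An added example, not part of the original post and not McAfee or lftp code: it decodes the address and port announced in a PORT command and flags transfers that got a 150 reply but never completed, which gives the destination IP and port to search for in the firewall log for that leg of the connection. The function names and the sample log (copied from the exchange above) are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: part of the exchange quoted in the post, blank lines removed.
SAMPLE_LOG = """\
Command:    PORT 172,17,100,111,16,21
Response:    200 Command okay.
Command:    LIST
Response:    150 File status okay; about to open data connection.
"""

PORT_RE = re.compile(r"PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")
REPLY_RE = re.compile(r"Response:?\s+(\d{3})[ -]")

def decode_port(line):
    """Return (IPv4Address, port) from an FTP PORT command (RFC 959), else None."""
    m = PORT_RE.search(line)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("PORT field out of range: %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2

def stalled_transfers(log_text):
    """Endpoints whose transfer got 125/150 but no 226 or 4xx/5xx afterwards."""
    stalled, pending, opened = [], None, False

    def flush():
        if pending is not None and opened:
            stalled.append({"ip": str(pending[0]), "port": pending[1],
                            "private": pending[0].is_private})

    for line in log_text.splitlines():
        endpoint = decode_port(line)
        if endpoint:
            flush()  # previous PORT never saw its transfer finish
            pending, opened = endpoint, False
            continue
        reply = REPLY_RE.search(line)
        if reply and pending is not None:
            code = reply.group(1)
            if code in ("125", "150"):
                opened = True
            elif opened and (code == "226" or code[0] in "45"):
                pending, opened = None, False  # finished or failed explicitly
    flush()
    return stalled
```

A `private` value of true means the announced address is not publicly routable, so a server outside that network can only reach it if a device on the path rewrites the PORT argument.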
2 Replies
Regis
Level 12

Re: How to test active FTP connection via CLI console ?

This is a specific enough issue that you probably want to engage McAfee support and have them look more specifically at your configuration.

It's not clear to me if you're talking about inbound ftp somehow or if you're doing outbound ftp.

0 Kudos
lubomir_cerny
Level 12

Re: How to test active FTP connection via CLI console ?

Finally we solved this ACTIVE FTP on the FW side. But I am still not sure if the FTP over HTTP proxy module is able to use active FTP. The settings are the same as for the FTP proxy module, but make no sense in some situations.

Basically: testing an FTP connection can be done via the CLI with the lftp command on install mc on box.

0 Kudos