-
ftp/vpn question
At a remote location something happened to the WatchGuard SOHO 6 box that I'm using as a VPN client. Overnight the box is not letting them browse the internet or reach our FTP server. All the settings on the box are correct; it has been working all right for over a year. There is no problem with the tunnel; they can reach my network fine. For a quick fix I put AnalogX proxy on one of my computers and pointed them to it. However, the Windows FTP client and dbremotes FTP client are unable to use this or any other proxy I've seen. They all require a GUI-type FTP client.
Has anyone ever seen a fw/VPN client behave like this / does anyone know of a proxy that can handle command line FTP clients along with HTTP? I just need it until the end of the week when I'll be free to travel there and put another fw in.
-
Don't know if it is an option or not, but Apache can proxy SSL, FTP, and HTTP with ease.
/nebulus
-
Did you put ACLs to prevent ICMP? If so you may need to re-enable it (for MTU-path discovery).
-
Things don't "just happen", there must be another issue at the remote site causing this problem. As SirDice mentioned, make sure that ICMP is getting through. Have you also considered that perhaps this traffic is being filtered by your provider? This is the least likely scenario, but I've seen it happen before when some newb tech at an ISP thinks he knows his stuff and disables inbound TCP/80 for the business customers...
-
No I've never seen that particular issue. It doesn't sound too obvious. Is there remote logging enabled? SNMP? Something other than, "one day it stopped working.." ??? There has to be a delta somewhere, maybe something you aren't aware of yet?
As for a proxy that does ftp... Squid could probably do it. http://www.squid-cache.org/ but it's been a while since I used it, so I'm unsure about the command line deal.
Or if you just want to proxy the ftp stuff separate from the web stuff, ftp.proxy can handle it; you do need a *nix box though. And as far as I know it's client independent and does command line.
http://www.ftpproxy.org/
-
I reinstalled the DSL software on the computer and had them plug directly into the DSL modem and everything was as it should be. I had a consultant take a look at it and he seems to think that a firmware update might rectify the problem. Our agreement with WG has expired and I'm waiting for approval for the funds, so I'm planning on replacing it.
Just went and re-checked all the settings and they seem to be as they should be.
-
I've seen something like this before, and it was solved by using an FTP client in PASV mode.
Might that be an option?
-
Passive mode wouldn't do any good either because the remote can't see the FTP server's IP address at all when it's connected to the fw. It gets its DNS resolutions from the network, so DNS servers are not the prob. If I ping yahoo.com it will echo Yahoo's IP address but get no reply. Just enabled VNC through the fw and was able to connect to the computer across the internet, but they still can't see outside the tunnel.
I have a device sending syslog messages here but none are getting through. Didn't notice that before. I disabled it, rebooted and still have the same condition. I enabled syslogging on the fw and get its messages just fine!?!
I got a nix box here, but for me it would be less trouble to drive over there and probably quicker than to stop everything to figure out how to get Squid working for one computer, especially since it might not work... but thanks for that anyway. Thank you all for trying to help!