
Thread: ftp/vpn question

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785

    ftp/vpn question

    At a remote location something happened to the WatchGuard SOHO 6 box that I'm using as a vpn client. Overnight the box is not letting them browse the internet or reach our ftp server. All the settings on the box are correct, it has been working all right for over a year. There is no problem with the tunnel, they can reach my network fine. For a quick fix I put AnalogX proxy on one of my computers and pointed them to it. However the Windows ftp client and dbremotes ftp client are unable to use this or any other proxy I've seen. They all require a gui type ftp client.

    Has anyone ever seen a fw/vpn client behave like this? Does anyone know of a proxy that can handle command line ftp clients along with http? I just need it until the end of the week when I'll be free to travel there and put another fw in.
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  2. #2
    Jaded Network Admin nebulus200's Avatar
    Join Date
    Jun 2002
    Posts
    1,356
    Don't know if it is an option or not, but Apache can proxy SSL, FTP, and HTTP with ease.

    /nebulus
    There is only one constant, one universal, it is the only real truth: causality. Action. Reaction. Cause and effect...There is no escape from it, we are forever slaves to it. Our only hope, our only peace is to understand it, to understand the 'why'. 'Why' is what separates us from them, you from me. 'Why' is the only real social power, without it you are powerless.

    (Merovingian - Matrix Reloaded)

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Did you put ACLs to prevent ICMP? If so you may need to re-enable it (for MTU-path discovery).
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Things don't "just happen", there must be another issue at the remote site causing this problem. As SirDice mentioned, make sure that ICMP is getting through. Have you also considered that perhaps this traffic is being filtered by your provider? This is the least likely scenario, but I've seen it happen before when some newb tech at an ISP thinks he knows his stuff and disables inbound TCP/80 for the business customers...
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  5. #5
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    No I've never seen that particular issue. It doesn't sound too obvious. Is there remote logging enabled? SNMP? Something other than, "one day it stopped working.." ??? There has to be a delta somewhere, maybe something you aren't aware of yet?

    As for a proxy that does ftp... Squid could probably do it. http://www.squid-cache.org/ but it's been a while since I used it, so I'm unsure about the command line deal.

    Or if you just want to proxy the ftp stuff separate from the web stuff ftp.proxy can handle, you do need a *nix box though. And as far as I know it's client independent and does command line.

    http://www.ftpproxy.org/
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    I reinstalled the dsl software on the computer and had them plug directly into the dsl modem and everything was as it should be. I had a consultant take a look at it and he seems to think that a firmware update might rectify the problem. Our agreement with wg has expired and I'm waiting for approval for the funds so I'm planning on replacing it.

    Just went and re-checked all the settings and they seem to be as they should be.

  7. #7
    Junior Member
    Join Date
    Nov 2002
    Posts
    12
    I've seen something like this before, and it was solved by using an ftp client in PASV mode.
    Might that be an option?
    The Stranger: Do you have to use so many cuss words?
    The Dude: What the **** you talking about?

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Passive mode wouldn't do any good either because the remote can't see the ftp server's ip address at all when it's connected to the fw. It gets its dns resolutions from the network so dns servers are not the prob. If I ping yahoo.com it will echo yahoo's ip address but get no reply. Just enabled vnc through the fw and was able to connect to the computer across the internet but they still can't see outside the tunnel.

    I have a device sending syslog messages here but none are getting through. Didn't notice that before. I disabled it, rebooted and still have the same condition. I enabled syslogging on the fw and get its messages just fine!?!

    I got a nix box here but for me it would be less trouble to drive over there and probably quicker than to stop everything to figure out how to get squid working for one computer especially since it might not work....but thanks for that anyway. Thank you all for trying to help!
