ftp filter exception problem

[Chris]

Hi all: I am having an issue with my ISP when connecting
via FTP. We run BM 3.9 sp2 and are using the
ftp-port-pasv-st filter. I can connect to the ftp server
OK, but cannot get directory listings. My ftp client says:

Failed to retrieve directory listing

Turning of filtering (unload ipflt) resolves the problem so
it has got to be a filter issue. I suppose I can create
inbound and outbound filters for ports 20 and 21, but
shouldn't the stock filter work???

Thanks for the help, Chris.

[Chris]

Sorry - posted in wrong forum. PBKAC

>>> On 7/20/2009 at 1:16 PM, in message
<4A646E3E.CE15.0032.0@N0_$pam.vrapc.com>,

[Craig Johnson]

In article <4A646E3E.CE15.0032.0@N0_$pam.vrapc.com>, Chris wrote:
> Turning of filtering (unload ipflt) resolves the problem so
> it has got to be a filter issue. I suppose I can create
> inbound and outbound filters for ports 20 and 21, but
> shouldn't the stock filter work???
>

I'm guessing you have more than one stateful FTP filter exception, and
they overlap. I've seen a number of cases where one exception
interferes with the other, and the traffic ends up blocked. (I assume
the traffic registers with one exception but not the other, and the
other is needed to allow the traffic). For instance, don't put in
both an FTP-PORT-ST and an FTP-PORT-PASV-ST to the same location.

Craig Johnson
Novell Support Connection SysOp
*** For a current patch list, tips, handy files and books on
BorderManager, go to http://www.craigjconsulting.com ***