hi folks,

i ran into a really weird ftp connection problem.

the setup:

- permanent adsl connection
- cisco 1400 router
- zywall100 firewall (dmz / trusted lan)

the problem:

there are SOME remote ftp hosts to which i can not connect. the ftp client gets a 'connected to xyz message' but no login is presented. after some time(out) the remote aborts the connection.

i tried it with different mtu sizes on the client site without succes.

it happens on xp/2k/me/se and it makes no difference if the client is

- between router and firewall (-> in front of the firewall with static ip address)
- in the dmz (nat)
- in the trusted lan (nat)
- if the firewall in enabled or disabled

hint: in the moment the firewall (which does nat) and/or the system in front of the firewall has not valid global dns entry.

is there anybody with an idea what the problem could be?

any thoughts why the problem happens only with some remotes?

cheers,
druid99

Welcome to SpeedGuide.net...

Which FTP client are you using and which method are your using to connect (passive or port mode)?

>Welcome to SpeedGuide.net...

.. hope it helps ;)

>Which FTP client are you using and which method are your using to connect (passive or port mode)?

three types of clients:

- ftp dos command (xp/se/me/2k)
- ftpvoyager (xp/se/me)
- iexplorer 6.0 (under win xp)

in case of voyager passive mode on/off made no difference.

i captured some of the traffic. i seems that there is partly a huge delay when the remote has to answer. i discoverd that there are some news servers which take up to 80 seconds to answer.

i guess there is a problem on the way back to us.

additional info:

we had a linux firewall as the gateway before. with this we did not had these problems.

in the new configuration we use the following gateways:

- before the firewall: the cisco router
- on the firewall: the cisco router

- trusted lan: a w2k server
- dmz: the firewall

- w2k server: the firewall

why does it take so long for some remote hosts to send an answer to us?