Bug #21150 for libnet: Net::FTP and Symantec Firewall: Bad command sequence

Hello, we are experiencing problems while transferring data via Net::FTP (version 2.75, in libnet version 1.19) to servers behind our firewall. The firewall is a Symantec Gateway Security 5420, Software Version 3.0.1 Patch Level D. This machine acts as a _transparent_ FTP proxy, so the target server can be directly reached by authorized clients (no real FTP proxy!) With older versions of the firewall software (before 3.0) all worked fine: Net::FTP>>> Net::FTP(2.75) Net::FTP>>> Exporter(5.567) Net::FTP>>> Net::Cmd(2.26) Net::FTP>>> IO::Socket::INET(1.27) Net::FTP>>> IO::Socket(1.28) Net::FTP>>> IO::Handle(1.23) Net::FTP=GLOB(0x300231f0)<<< 220 helena FTP server (Version wu-2.6.2(1) Thu Mar 11 13:58:07 NFT 2004) ready. Net::FTP=GLOB(0x300231f0)>>> user patrol Net::FTP=GLOB(0x300231f0)<<< 331 Password required for patrol. Net::FTP=GLOB(0x300231f0)>>> PASS .... Net::FTP=GLOB(0x300231f0)<<< 230-Willkommen! dierichs Medien-Gruppe FTP-Server Net::FTP=GLOB(0x300231f0)<<< 230- Net::FTP=GLOB(0x300231f0)<<< 230 User patrol logged in. Net::FTP=GLOB(0x300231f0)>>> TYPE I Net::FTP=GLOB(0x300231f0)<<< 200 Type set to I. Net::FTP=GLOB(0x300231f0)>>> CWD /home/patrol Net::FTP=GLOB(0x300231f0)<<< 250 CWD command successful. Net::FTP=GLOB(0x300231f0)>>> PWD Net::FTP=GLOB(0x300231f0)<<< 257 "/home/patrol" is current directory. Net::FTP=GLOB(0x300231f0)>>> ALLO 31 Net::FTP=GLOB(0x300231f0)<<< 202 ALLO command ignored. Net::FTP=GLOB(0x300231f0)>>> PORT 172,16,50,204,154,37 Net::FTP=GLOB(0x300231f0)<<< 200 PORT command successful. Net::FTP=GLOB(0x300231f0)>>> STOR dummy.txt Net::FTP=GLOB(0x300231f0)<<< 150 Opening BINARY mode data connection for dummy.txt. Net::FTP=GLOB(0x300231f0)<<< 226 Transfer complete. With the new software we see the following (excerpt): Net::FTP=GLOB(0x300231f0)>>> ALLO 31 Net::FTP=GLOB(0x300231f0)<<< 202 ALLO command ignored. Net::FTP=GLOB(0x300231f0)>>> PORT 172,16,50,204,224,237 Net::FTP=GLOB(0x300231f0)<<< 530 Bad command sequence # [<-- here's the problem] In our script we're doing only a 'put', no 'alloc' of our own. Symantec state that the new software version be extremely RFC959 compliant, so that after an ALLO only STOR or APPE were allowed (and not PORT). RFC959 says on ALLO (p. 30/31): "ALLOCATE (ALLO) ... ... This command shall be followed by a STORe or APPEnd command ..." So Symantec seem to be right. The sequence of commands should be changed (first PORT, then ALLO), or the unnecessary ALLO be avoided at all (perhaps by an option?) Ist this correct, or are we completely wrong and there's another way? Thank you very much for your great work, sincerely Norbert ---------------------------------------------------------- Norbert Stemmler ---------------------------------------------------------- IT / Teamleiter Systemadministration Verlag Dierichs GmbH & Co KG Kassel Germany ---------------------------------------------------------- Tel. 0561/203-1736 Fax 0561/203-2736 mailto:steno@dierichs.de ---------------------------------------------------------- "Round up the usual suspects!" (Cpt. Renault, "Casablanca") ----------------------------------------------------------