Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] FW: ftp problem using win client and CVP

To: "'[email protected]'" <[email protected]>
Subject: [FW1] FW: ftp problem using win client and CVP
From: Maxi Tracy A Contr AFRL/SNOO <[email protected]>
Date: Wed, 6 Dec 2000 11:27:56 -0500
Sender: [email protected]

All,

I am posting a 2nd time because it does not appear to have made it to the list.  Please forgive me if it is a duplicate...

Thanks

Tracy

>  -----Original Message-----
> From: 	Maxi Tracy A Contr AFRL/SNOO  
> Sent:	Monday, December 04, 2000 1:45 PM
> To:	'[email protected]'
> Subject:	ftp problem using win client and CVP
> 
> All,
> 
> I have gone through the fw archives and Phoneboy's site but have not seen anything that I thought applied directly to this scenario...  Hopefully someone can shed some light on this for me.
> 
> a)  I can successfully ftp (command line) to a site (i.e. ftp.symantec.com) going through my CVP.  (there are fw log entries)
> b)  I can successfully ftp (command line) to a site (i.e. ftp.symantec.com) NOT going through my CVP.  (there are fw log entries)
> 
> c)  I can NOT do the same ftp via a client such as wsftp32 or ws_ftppro going through my CVP.  (there is nothing in fw log)
> d)  I CAN do the same ftp via a client such as wsftp32 or ws_ftppro if I do NOT go through the CVP.  (there is a fw log entry)
> 
> I do not understand why in case c I do not see anything in my firewall logs?  I log everything.  It makes it seem like it never gets to the firewall...
> 
> Is this a fw config issue, an ftp client issue, or a CVP issue?
> 
> Here is my current configuration:
> 
> Solaris 2.6 and FW 4.1sp2
> 
> rules:
> source		destination	service		comment
> my-IP		any		ftp->acvpre	rule used in a above
> 
> my-IP		any		ftp		rule used in b and d above; I created this rule as a test for troubleshooting
> 
> rule 0:
> have enabled FTP PORT data connections
> have enabled FTP PASV data connections
> 
> config files:
> $FWDIR/conf/fwopsec.conf contains:
> ...
> server        127.0.0.1         18181            auth_opsec
> server        127.0.0.1         18182            auth_opsec
> ...
> 
> 
> /opt/CPfw1-41/lib/base.def contains for ftp:
> ...
> // #define FTPPORT(match)       (call KFUNC_FTPPORT <(match)>)
> #define FTP_ENFORCE_NL
> ...
> 
> Thanks in advance for any help you may provide.  Please let me know if there is other info that would be helpful in resolving this.
> 
> Tracy A. Maxi
> Firewall Administrator
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] IKE VPN FW-1 <> Cisco
Next by Date: Re: [FW1] Gigabit Network Support
Previous by thread: Re: [FW1] IKE VPN FW-1 <> Cisco
Next by thread: Re: [FW1] Gigabit Network Support
Index(es):
- Date
- Thread