Re: [FW1] FTP problems through 4.1 sp-2 looking for Ideas
From: http://www.securityportal.com/topnews/weekly/checkpoint20000918.html

Multiple Problems with FTP After Upgrading
"Multiple Threads" posted by multiple frustrated administrators

Q: It is becoming very apparent that Check Point may have overlooked a few things related to FTP in their latest Service Packs. Many, many people have posted problems with FTP DATA channels not working, PASV FTP not working, or strange timeouts during active FTP sessions. This must be a big problem, as the #1 most frequently downloaded problem solution at Check Point's support site is currently "FTP to specific servers fails."

A: Check Point's solutions to these problems are as follows:

"FTP to specific servers fails," Problem ID # (10043.0.982):

Edit the $FWDIR/lib/base.def file to allow FTP headers without "\r\n":

  Stop FireWall-1 (fwstop)
  Edit the /$FWDIR/lib/base.def
  Mark out the following line:

    #define FTP_ENFORCE_NL

  to:

    //#define FTP_ENFORCE_NL

  Start FireWall-1 (fwstart)
  Re-install the policy

"FTP to some servers fails," Problem ID # (10043.0.413):

Edit the /$FWDIR/lib/base.def file to allow this behavior:

  Stop the FireWall (fwstop)
  Edit the $FWDIR/lib/base.def:

  Change it from:

    #define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>)
    //
    // Use this if you do not want the FireWall module to insist on
    // a newline at the end of the PORT command:
    // #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)

  To:

    //#define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>)
    //
    // Use this if you do not want the FireWall module to insist on
    // a newline at the end of the PORT command:
    #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)

  (The change is to comment the first line, and uncomment the last one)

  Start the FireWall (fwstart)
  Re-install the policy

Although these solutions worked well for some, many others still had problems after applying these fixes. Most are very frustrated by this, and hope that Check Point will be fixing this once and for all in their next Service Pack.
HTH

-- Chris

--- Thomas Stala <[email protected]> wrote:
>
> ok here is the good part. if I wait for the web browser to connect I move
> around with no problem at all. I can go from directory to directory.
>
> I wish this was good enough but we have servers running scripts that do this
> automatically I am at a loss.
>
> ----- Original Message -----
> From: "Thomas Stala" <[email protected]>
> To: <[email protected]>
> Sent: Wednesday, February 07, 2001 6:01 PM
> Subject: [FW1] FTP problems through 4.1 sp-2 looking for Ideas
>
> > I have tried to do an ftp session through a dos prompt nt 2000. connection
> > refused.
> >
> > if I try this outside of the firewall it works fine.
> >
> > I am able to get to other ftp sites fine.
> >
> > I created a rule to allow the server to do
> > ftp
> > ftp-pasv
> > ftp-port
> >
> > I never see anything being rejected in the logs.
> >
> > if I use my browser version 5.0 it takes about 5 minutes and then it gets
> > to the site?
> >
> > any ideas
> >
> > Thomas Stala
> > MCSE CCSE
> > [email protected]
> > pager
> > cell
> >
> > ================================================================================
> > To unsubscribe from this mailing list, please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > ================================================================================
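Added example, not part of the original post or of Check Point's material: a small diagnostic for deciding whether the base.def change quoted above is actually relevant to a failing session, by checking how each PORT command on the control channel is terminated. It assumes each payload is one client-to-server TCP segment taken from a packet capture; the function names and the sample payloads (using documentation addresses) are constructed for illustration.

```python
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 followed by CRLF
PORT_RE = re.compile(rb"^PORT (\d{1,3}(?:,\d{1,3}){5})(.*)$",
                     re.IGNORECASE | re.DOTALL)

def check_port_segment(payload: bytes) -> dict:
    """Classify one control-channel TCP payload."""
    m = PORT_RE.match(payload)
    if not m:
        return {"is_port": False}
    nums = [int(n) for n in m.group(1).split(b",")]
    tail = m.group(2)
    valid = all(0 <= n <= 255 for n in nums)
    if tail == b"\r\n":
        term = "crlf"
    elif tail == b"\n":
        term = "lf"
    elif tail == b"":
        term = "none"           # command split from its line ending
    else:
        term = "trailing-data"  # extra bytes after the six numbers
    return {
        "is_port": True,
        "valid_args": valid,
        "data_addr": ".".join(map(str, nums[:4])) if valid else None,
        "data_port": nums[4] * 256 + nums[5] if valid else None,
        "terminator": term,
    }

def not_crlf_terminated(segments):
    """Return (index, result) for PORT commands lacking a CRLF ending."""
    out = []
    for i, seg in enumerate(segments):
        r = check_port_segment(seg)
        if r["is_port"] and r["terminator"] != "crlf":
            out.append((i, r))
    return out

# Constructed sample payloads, not taken from a real capture
SAMPLE = [
    b"USER anonymous\r\n",
    b"PORT 192,0,2,10,4,1\r\n",   # well formed
    b"PORT 192,0,2,10,4,2",       # no line ending in this segment
    b"PORT 192,0,2,10,4,3\n",     # bare LF
    b"PORT 192,0,2,999,4,4\r\n",  # octet out of range
]

if __name__ == "__main__":
    for idx, res in not_crlf_terminated(SAMPLE):
        print(idx, res["terminator"], res["data_addr"], res["data_port"])
```

If no PORT command in the failing session shows up here, the newline enforcement is unlikely to be the cause and the stricter default can stay in place.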