RE: [FW1] High Port FTP
Iztok,

Did you check the box in Policy->Properties->Services->Enable FTP PORT Data Connections, or add a rule to allow the data back connection?

Explain how you changed the FTP to the high port that you're using. I'll assume(ack) that you changed the services file and restarted the FTP service via an 'init q'. Did you change the 'ftp-data 20/tcp' reference as well? Oh, and change the service type of your NEW service from 'FTP' to 'other'.

FTP is slightly retarded (OK, completely). In most circumstances, when you perform a data transfer with ls/dir, put, get, etc., and you're not PASVing, your system will listen on FTP_CTRL_Port minus one. So in a non-modified FTP environment, FTP servers listen on port 21 and talk to the client on 20 (ctrl port 21 minus one, or 20). Checkpoint will try and keep track of this, but in v3.x and v4.0 you need to convince the software (via INSPECT) to track the new control and data ports. This is in addition to creating the new FTP service on the higher ports, which you should have done already.

Phoneboy has a writeup, but I found it hard to read the first time through (many moons ago). Take a peek at his FAQ at http://www.phoneboy.com/fw1/faq/0158.html.

If you're still having troubles, send along the lines in your rulebase about FTP, what the new service is defined as, what policy properties are selected, and the log references showing any FTP drops/rejects.

Robert
--
Robert P. MacDonald
Global Infrastructure Group, Haworth, Inc.
Voice:
email: [email protected]

> "Iztok Umek" <[email protected]> 02/22/01 05:27PM >>>
> Forgive my ignorance.
>
> How do I do that in CP FW-1 4.1 SP3?
>
> Regards,
> Iztok
>
>> Have you told the system about the return data
>> port connection? If you check your logs, you should
>> see the return connection get dropped/rejected.
>>
>>> - - - - - - - - - - - - -
>>> "Iztok Umek" <[email protected]> 02/22/01 01:22PM >>>
>>> I did that. Works half way.
>>>
>>> I can log in to the FTP server, but when I do a command like "dir" it is stuck
>>> there (timeout).
>>>
>>> Problem with the fact that FW-1 4.1 (SP3) doesn't think this is an FTP
>>> service it should monitor packages for port issues.
>>>
>>> Regards,
>>> Iztok
>>>
>>>> - - - - - - - - - - - - -
>>>> Matthias Leu <[email protected]> 02/22/01 01:20PM >>>
>>>> Hi,
>>>> try to define this service in the service manager. As
>>>> protocol type you choose FTP.
>>>> Take it in the rulebase and it should work. Regard the
>>>> properties (policy,
>>>> properties, services, ftp).
>>>> Hope it helps,
>>>>
>>>>> - - - - - - - - - - - - -
>>>>> "Iztok Umek" <[email protected]> 02/22/01 12:25PM >>>
>>>>> I try to run a server in DMZ with high port FTP (4482 i.e.).
>>>>>
>>>>> How do I convince CP 4.1 SP3 (RedHat 6.2) to know this is FTP port?
>>>>>
>>>>> Regards,
>>>>> Iztok

================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
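The mechanics Robert describes (active-mode FTP, the server's data connection coming from the control port minus one, and the firewall needing to learn the client's announced port from the PORT command) are shown below as an added example; it is not code from this thread, from Check Point, or from Phoneboy's FAQ, and it does not use INSPECT. It models the bookkeeping an FTP-aware stateful firewall does: parse the PORT command on the control channel, derive the one inbound data connection it should expect (here for the thread's non-standard control port 4482, so the source port is 4481), and accept only a SYN that matches. The two sanity checks on the announced address (it must be the control client's own address, and the port must be unprivileged) are common ALG behaviour assumed here, not something the thread states. All hosts, ports and events are constructed sample values.

```python
import re
from dataclasses import dataclass

# RFC 959 PORT syntax: h1,h2,h3,h4,p1,p2 (address bytes, then port = p1*256 + p2)
PORT_RE = re.compile(
    r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$",
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Expectation:
    """One inbound data connection the firewall should let through."""
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def parse_port_command(line):
    """Return (ip, port) announced by a PORT command, or None if malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    return ip, nums[4] * 256 + nums[5]


def expected_data_connection(client_ip, server_ip, ctrl_port, port_line):
    """Derive the data connection an active-mode transfer will open.

    The server connects FROM ctrl_port - 1 (20 for a stock server on 21,
    4481 for the thread's server on 4482) TO the address/port in PORT.
    """
    parsed = parse_port_command(port_line)
    if parsed is None:
        return None
    data_ip, data_port = parsed
    # Assumed ALG checks: the announced address must be the control client's
    # own address (otherwise the server is being pointed at a third party),
    # and the announced port must not be a privileged one.
    if data_ip != client_ip or data_port < 1024:
        return None
    return Expectation(server_ip, ctrl_port - 1, client_ip, data_port)


def allow_inbound_syn(expectation, src_ip, src_port, dst_ip, dst_port):
    """True only if the SYN matches the expectation on all four tuple fields."""
    if expectation is None:
        return False
    return (src_ip, src_port, dst_ip, dst_port) == (
        expectation.src_ip, expectation.src_port,
        expectation.dst_ip, expectation.dst_port,
    )


def simulate(events):
    """Walk a constructed event sequence as an FTP-aware stateful firewall
    would and return one verdict per event."""
    verdicts = []
    expectations = []   # pending data connections learned from PORT
    ctrl = None         # (client_ip, server_ip, ctrl_port) of the control session
    for ev in events:
        kind = ev[0]
        if kind == "ctrl":          # ("ctrl", client_ip, server_ip, ctrl_port)
            ctrl = ev[1:]
            verdicts.append("accept")
        elif kind == "port":        # ("port", line seen on the control channel)
            exp = expected_data_connection(*ctrl, ev[1]) if ctrl else None
            if exp is None:
                verdicts.append("drop")     # malformed or not the client's address
            else:
                expectations.append(exp)
                verdicts.append("expect")
        elif kind == "syn":         # ("syn", src_ip, src_port, dst_ip, dst_port)
            ok = any(allow_inbound_syn(e, *ev[1:]) for e in expectations)
            verdicts.append("accept" if ok else "drop")
    return verdicts


# Constructed sample: DMZ server on control port 4482, client at 10.1.1.5.
SAMPLE_EVENTS = [
    ("ctrl", "10.1.1.5", "192.168.100.20", 4482),
    ("port", "PORT 10,1,1,5,200,24"),                    # client announces 51224
    ("syn", "192.168.100.20", 4481, "10.1.1.5", 51224),  # ctrl-1 -> announced port
    ("syn", "192.168.100.20", 20, "10.1.1.5", 51224),    # wrong source port
    ("port", "PORT 10,1,1,9,200,24"),                    # address is not the client's
]

if __name__ == "__main__":
    for ev, verdict in zip(SAMPLE_EVENTS, simulate(SAMPLE_EVENTS)):
        print(f"{verdict:7s} {ev}")
```

The fourth event is the one to look for in the logs Robert asks about: when the firewall still expects the data connection from port 20 but the server really connects from 4481, that SYN is exactly the drop/reject Iztok's "dir" timeout corresponds to.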