Both are "enabled". I tried to edit "base.def" by following "phoneboy's"
instructions but that didn't work either. The code apparently had some
errors in it (wasn't successful in debugging it). I also created the
following rule:
Source      Destination   Service          Action
internal    external      ftp-high-port    accept
where "ftp-high-port" has the following in match field: tcp, dport >= 1024, dport <= 65535
Should I modify this rule so that instead of internal I have
outside-firewall-interface?...

I was a bit confused so just to cover all the bases I created another rule for testing
purposes with reversed Source/Destination.

I am still not able to establish a data connection from any of the internal boxes but
when I try to FTP from the actual firewall itself, everything goes okay.
How come the firewall is not having any of these problems?
Thanks
Keyvan
Make certain you have the following selected in Policy---->Properties----->Services

"Enable FTP Port Data Connections"
and
"Enable FTP PASV Data Connections"
-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
Larry Pingree Sr. Security Consultant
Email: [email protected]
SiegeWorks Company
WebSite: http://www.siegeworks.com/Security
Installation, Training and Consulting
-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
----- Original Message -----
Sent: Friday, February 23, 2001 1:37 PM
Subject: [FW1] Restrictions of FTP data connection by FW1
I have discovered that my FW1 is blocking ftp data connections. I do not
have any problems with the control connections but when I try to retrieve
data from a remote host, that return connection gets blocked by the
firewall. How do I resolve this?
Many thanks
Keyvan