[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Help!! Simple FTP Problem
Did you try taking out the FTP_PORT and FTP_PASSIVE out of the rule and just leave normal FTP in? Maybe you could create a 2nd rule right under the normal FTP rule to allow FTP_PORT and FTP_PASSIVE. I've seen problems when you have FTP and FTP_PORT in the same rule with it not allowing people to connect to a simple FTP. It allows the login, but will disconnect immediately after the login as soon as you issue the first command. Just letting the rule say "FTP" as the service fixed this. Will -----Original Message----- From: [email protected] [mailto:[email protected]]On Behalf Of [email protected] Sent: Tuesday, February 27, 2001 9:19 AM To: [email protected]; [email protected] Subject: AW: [FW1] Help!! Simple FTP Problem Actually we also have had this problem. Only a downgrade to SP2 brought a solution. --Joerg -----Ursprüngliche Nachricht----- Von: Keigo Hanaoka [mailto:[email protected]] Gesendet: Montag, 26. Februar 2001 09:28 An: [email protected] Betreff: [FW1] Help!! Simple FTP Problem Does anyone tell me how i can deal with simple FTP connection via FW1-v4.1 SP 3 (on AIX) ?? This was like a duplicated question, but probably my case would be simpler. FTP server is on DMZ, FTP clients are in both internal network and Internet. FTP server itself should be no problem because another machine on DMZ is able to connect with ftp. it would be a problem when ftp was going through the FW1. i am trying FTP connection from Internet (or internal) side towards DMZ, and the first connection (which means just connect to the server,) is no problem. when the server is trying to reply to the client, the Firewall drop the connection based on rule zero!! the client cannot log in, that is.., it droped before the ftp control would be established. i checked that both "Enable FTP Port" and "Enable FTP PASV" are checked, on the "service" of "Properties Setup." Address translation would be quite simplly set. ANY FTP(Global)------>ANY FTP(Private) ANY FTP(Private)----->ANY FTP(Global) Also, the current policy is just: Source Destination Service ANY FTP_server(Global IP) ftp accept ANY ANY ANY Drop Please help me!! appriciate with regards ********************************************* Keigo Hanaoka <[email protected]> e-business Infrastructure Integration Div. Unauthorized Access Countermeasures Dept. LAC Co.,Ltd. http://www.lac.co.jp/security/ Phone +81-3-5531-0332 FAX +81-3-5531-0142 ********************************************* ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|