NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Help!! Simple FTP Problem



Did you try taking out the FTP_PORT and FTP_PASSIVE out of the rule and just
leave normal FTP in? Maybe you could create a 2nd rule right under the
normal FTP rule to allow FTP_PORT and FTP_PASSIVE. I've seen problems when
you have FTP and FTP_PORT in the same rule with it not allowing people to
connect to a simple FTP. It allows the login, but will disconnect
immediately after the login as soon as you issue the first command. Just
letting the rule say "FTP" as the service fixed this.

Will




-----Original Message-----
From: [email protected]
[mailto:[email protected]]On Behalf Of
[email protected]
Sent: Tuesday, February 27, 2001 9:19 AM
To: [email protected]; [email protected]
Subject: AW: [FW1] Help!! Simple FTP Problem



Actually we also have had this problem.
Only a downgrade to SP2 brought a solution.
--Joerg


-----Ursprüngliche Nachricht-----
Von: Keigo Hanaoka [mailto:[email protected]]
Gesendet: Montag, 26. Februar 2001 09:28
An: [email protected]
Betreff: [FW1] Help!! Simple FTP Problem




Does anyone tell me how i can deal with
simple FTP connection via FW1-v4.1 SP 3 (on AIX) ??

This was like a duplicated question, but probably
my case would be simpler.

FTP server is on DMZ, FTP clients are in both
internal network and Internet.
FTP server itself should be no problem because
another machine on DMZ is able to connect with ftp.

it would be a problem when ftp was going through the FW1.

i am trying FTP connection from Internet (or internal) side
towards DMZ, and the first connection
(which means just connect to the server,)
is no problem.
when the server is trying to reply to the client, the Firewall
drop the connection based on rule zero!!
the client cannot log in, that is..,
it droped before the ftp control would be established.

i checked that both "Enable FTP Port" and "Enable
FTP PASV" are checked, on the "service" of "Properties Setup."

Address translation would be quite simplly set.

ANY	FTP(Global)------>ANY	FTP(Private)
ANY	FTP(Private)----->ANY	FTP(Global)

Also, the current policy is just:

Source		Destination		Service

ANY		FTP_server(Global IP)	ftp	accept
ANY		ANY			ANY	Drop

Please help me!!
appriciate with regards

*********************************************
Keigo Hanaoka <[email protected]>
e-business Infrastructure Integration Div.
Unauthorized Access Countermeasures Dept.
LAC Co.,Ltd.  http://www.lac.co.jp/security/
Phone +81-3-5531-0332 FAX +81-3-5531-0142
*********************************************



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.