Re: [FW1] NAT with ftp
Have you set up Anti Spoofing for your internal net?

Naresh

Brad Van Orden wrote:

> Hello All,
>
> I hope someone can help me figure this out. I have the internal office
> network on a 10.0.0.0 subnet. One of the workstations on the internal
> network I have a static NAT translation for. When logged onto the firewall
> console I can successfully open an ftp session to the 10.* address of that
> workstation. However, as soon as I attempt to open a data connection, the
> firewall log shows the source being the 10.* address of the firewall's
> internal NIC and the destination being the routable address of the
> workstation. This gets accepted. The next line shows the return data
> connection with the source being again the routable address of the
> workstation and the source being the 10.* address of the firewall. This
> gets dropped because of "unknown established TCP packet." A couple
> seconds later I get another attempt from the workstation to open the
> return channel for the data. This time the source is its 10.* address and
> this gets blocked by the SYNDefender warning about a SYN -> SYN-ACK
> timeout. Anybody have an idea what I've done wrong and how to fix it?
>
> Thanks,
>
> Brad
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================

--
Naresh Narang
Tel. 7305315 x119
[email protected]