[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] MS FTP behind NAT
There are multiple suggestions on solving such problems in the list archives. ( www.securepoint.com <http://www.securepoint.com> ). Try enabling passive-mode FTP on the FW. (Under Policy->Properties) Cheers, Anders :) -----Original Message----- From: Glenn Mabbutt [mailto:[email protected]] Sent: 28. juni 2001 00:23 To: '[email protected]' Subject: [FW1] MS FTP behind NAT I'm having a rather irritating problem: someone behind one of our FW-1 firewalls has to use Microsoft's command-line FTP (from win98, win2k, and winnt) as part of a batch script (I know it's junk, but the scripter won't use anything else). I tried it behind a different FW-1, and it worked. Here is the common configuration between the 2 firewalls: - FW-1 4.1 on NT sp 6a - hosts are being NATted, the test PC's are statically mapped to valid IP's (doing it without the static NAT gives a host of errors) - ftp is enabled in the rulebase for outbound connections Here's what's different between the 2 firewalls (firewall A functions properly, firewall B does not): - firewall A is running FW-1 service pack 2, firewall B is running FW-1 service pack 3 - SYNDefender is set to "none" on firewall A and is set to "passive gateway" on firewall B - under "logs and alerts" in Policy > Properties, "log established TCP connections" is checked on firewall A and is unchecked on firewall B. Those are the only differences I can find. What happens when I try to connect to an ftp server behind firewall B is that I can log in, but when I try to do a directory listing or cd to a directory I get an error saying "invalid port command" - no such error from behind firewall A. Any suggestions?? thanks, Glenn ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|