NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] MS FTP behind NAT



There are multiple suggestions on solving such problems
in the list archives. ( www.securepoint.com <http://www.securepoint.com> ).
 
Try enabling passive-mode FTP on the FW.
(Under Policy->Properties)
 
 
Cheers,
Anders :)
 
 
 

-----Original Message-----
From: Glenn Mabbutt [mailto:[email protected]]
Sent: 28. juni 2001 00:23
To: '[email protected]'
Subject: [FW1] MS FTP behind NAT



I'm having a rather irritating problem:  someone behind one of our FW-1
firewalls has to use Microsoft's command-line FTP (from win98, win2k, and
winnt) as part of a batch script (I know it's junk, but the scripter won't
use anything else).  I tried it behind a different FW-1, and it worked.
Here is the common configuration between the 2 firewalls:

- FW-1 4.1 on NT sp 6a 
- hosts are being NATted, the test PC's are statically mapped to valid IP's
(doing it without the static NAT gives a host of errors)

- ftp is enabled in the rulebase for outbound connections 

Here's what's different between the 2 firewalls (firewall A functions
properly, firewall B does not): 

- firewall A is running FW-1 service pack 2, firewall B is running FW-1
service pack 3 

- SYNDefender is set to "none" on firewall A and is set to "passive gateway"
on firewall B 

- under "logs and alerts" in Policy > Properties, "log established TCP
connections" is checked on firewall A and is unchecked on firewall B.

Those are the only differences I can find.  What happens when I try to
connect to an ftp server behind firewall B is that I can log in, but when I
try to do a directory listing or cd to a directory I get an error saying
"invalid port command" - no such error from behind firewall A.

Any suggestions?? 

thanks, 
Glenn 



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.