Sorry, I meant to say that the "FTP-PASV" option was in fact checked on both firewalls (recall 1 worked, 1 doesn't), as is the "FTP-PORT" option on both firewalls. There were some suggestions in previous postings that disabling those options made them work?? so I tried that on the firewall that doesn't work, but still no luck. Any other ideas??
Thanks,
Glenn
-----Original Message-----
From: Reed Mohn, Anders [mailto:[email protected]]
Sent: Friday, June 29, 2001 4:00 AM
To: 'Glenn Mabbutt'; '[email protected]'
Subject: RE: [FW1] MS FTP behind NAT
There are multiple suggestions on solving such problems in the list archives. ( www.securepoint.com <http://www.securepoint.com> ).
Try enabling passive-mode FTP on the FW. (Under Policy->Properties)
Cheers,
Anders :)
-----Original Message-----
From: Glenn Mabbutt [mailto:[email protected]]
Sent: 28. juni 2001 00:23
To: '[email protected]'
Subject: [FW1] MS FTP behind NAT
I'm having a rather irritating problem: someone behind one of our FW-1 firewalls has to use Microsoft's command-line FTP (from win98, win2k, and winnt) as part of a batch script (I know it's junk, but the scripter won't use anything else). I tried it behind a different FW-1, and it worked.

Here is the common configuration between the 2 firewalls:
- FW-1 4.1 on NT sp 6a
- hosts are being NATted, the test PC's are statically mapped to valid IP's (doing it without the static NAT gives a host of errors)
- ftp is enabled in the rulebase for outbound connections

Here's what's different between the 2 firewalls (firewall A functions properly, firewall B does not):
- firewall A is running FW-1 service pack 2, firewall B is running FW-1 service pack 3
- SYNDefender is set to "none" on firewall A and is set to "passive gateway" on firewall B
- under "logs and alerts" in Policy > Properties, "log established TCP connections" is checked on firewall A and is unchecked on firewall B.

Those are the only differences I can find. What happens when I try to connect to an ftp server behind firewall B is that I can log in, but when I try to do a directory listing or cd to a directory I get an error saying "invalid port command" - no such error from behind firewall A.

Any suggestions??
thanks,
Glenn