
Re: [FW1] Fw: unknown established tcp packet



> Dorny wrote:
> 
> Once again another e-mail titled unknown established tcp packet.  I have
> looked through the list but I was not able to find a definitive solution for
> this error.  Here is my problem: after applying the latest Check Point
> service pack (SP4) I began seeing my logs fill up with dropped packets by
> rule 0 with the unknown TCP error.  Now I have customers telling me that
> they cannot ssh, run restores, etc. through their firewalls, which upon
> further investigation I noticed that all the packets were being dropped by
> rule 0.  I am also seeing lots of in-bound packets to customer web sites
> being dropped by rule 0 with the same error.  None of this was happening
> when I was at SP 1 or 2.  Anyone out there have a solution for this????
> 
> --Richard Dornhart
> 

Unfortunately, I have no solution, but I want to say
that I met the same problem this week.

Last week I installed the SP4 version of FW1 (Version 4.1 Build 41862).
It worked fine for one week until I added in $FWDIR/lib/init.def
	#define FTP_CONTROL_TIMEOUT 30

I tried this because of an FTP exchange through the FW1
and an ISDN link behind, which fails before the ISDN link is mounted.

	Connected to fw.
	220 aftpd:Check Point FireWall-1 Secure FTP server running on fw1
	331 aftpd: FireWall-1 password: you can use password@FW-1-password
	413-aftpd:User datalink authenticated by FireWall-1 authentication
	413 aftpd:Connection to ..xxx.xxx failed
	Login failed.
	421 Service not available, remote server has closed connection
	Not connected.

When the ISDN link is up, some seconds later, I am able to connect to the
site with FTP.

As the modification of $FWDIR/lib/init.def did not fix this ISDN problem,
I restored the original file, and since then I am unable
to connect to an FTP server on the DMZ,
getting the "rule 0 reason: unknown established TCP packet" message.

Any suggestion will be welcome.

-- Bernard RAOUL.


   All contents © 2004 Network Presence, LLC. All rights reserved.