
[FW-1] Betreft: [FW-1] ftp data blocking problem



Hi Tim,

I had a similar problem with our Nokia 440 and was able to solve it with what I
found on phoneboy, especially the last section.

> The TIS FTP proxy (used by both Gauntlet and the TIS Toolkit) sends a port
> command in one packet and the "newline" character in another.
> By default, FireWall-1 assumes the PORT command and the newline will appear in
> the same packet.
> To enable checking for this, uncomment the following #define statement in
> $FWDIR/lib/base.def on the management console:
> //    Use this if you do not want the FW-1 module to insist on a newline at the
> // end of the PORT command:
> //#define FTPPORT(match)        (call KFUNC_FTPPORT <(match), [110, b]>)
>
> A few lines above it should be another FTPPORT(match) definition that you
> comment out.  Re-install the rulebase.
>
> Some other sites fail as well.
> This is because they do not send out a proper newline in their header and some
> versions of FireWall-1 check for this.
> FireWall-1 4.0 SP7, 4.0 SP5 build 13 on Nokia, and 4.1 SP2 all have this
> behaviour.
> To resolve this, comment out the following line in $FWDIR/lib/base.def and
> reinstall the policy:
>
> #define FTP_ENFORCE_NL
>

