[FW-1] Re: [FW-1] ftp data blocking problem
Hi Tim,

I had a similar problem with our Nokia 440 and was able to solve it with what I found on phoneboy, especially the last section.

> The TIS FTP proxy (used by both Gauntlet and the TIS Toolkit) sends a port
> command in one packet and the "newline" character in another.
> By default, FireWall-1 assumes the PORT command and the newline will appear in
> the same packet.
> To enable checking for this, uncomment out the following #define statement in
> $FWDIR/lib/base.def on the management console:
> // Use this if you do not want the FW-1 module to insist on a newline at the
> // end of the PORT command:
> //#define FTPPORT(match) (call KFUNC_FTPPORT <(match), [110, b]>)
>
> A few lines above it should be another FTPPORT(match) definition that you
> comment out. Re-install the rulebase.
>
> Some other sites fail as well.
> This is because they do not send out a proper newline in their header and some
> versions of FireWall-1 check for this.
> FireWall-1 4.0 SP7, 4.0 SP5 build 13 on Nokia, and 4.1 SP2 all have this
> behaviour.
> To resolve this comment out the following line in $FWDIR/lib/base.def and
> reinstall the policy:
>
> #define FTP_ENFORCE_NL
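The packet-boundary issue described in the message above, as an added example that is not part of the original post and is not Check Point code: a simplified model of a per-packet check that wants the PORT command and its newline together, next to a parser that buffers the control stream until the line is complete. All names and the sample segments are constructed for illustration.

```python
import re

# PORT h1,h2,h3,h4,p1,p2 (RFC 959); matched against a line with its CRLF removed
PORT_RE = re.compile(rb"PORT " + rb",".join([rb"(\d{1,3})"] * 6), re.I)

def decode_port(line):
    """Return (ip, port) for one complete PORT line, else None."""
    m = PORT_RE.fullmatch(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def strict_per_packet(segment):
    """Model of the default behaviour: command and newline must share a packet."""
    if not segment.endswith(b"\r\n"):
        return None
    return decode_port(segment[:-2])

class ControlStream:
    """Buffers control-channel bytes and decodes only complete lines."""
    MAX_LINE = 512  # assumed cap so an unterminated line cannot grow forever

    def __init__(self):
        self.buf = b""

    def feed(self, segment):
        self.buf += segment
        found = []
        while b"\r\n" in self.buf:
            line, self.buf = self.buf.split(b"\r\n", 1)
            result = decode_port(line)
            if result:
                found.append(result)
        if len(self.buf) > self.MAX_LINE:
            raise ValueError("control line too long")
        return found

# Constructed samples: one command sent whole, then split as the post describes.
WHOLE = [b"PORT 192,0,2,10,19,137\r\n"]
SPLIT = [b"PORT 192,0,2,10,19,137", b"\r\n"]

def run(segments):
    """Return (per-packet results, buffered results) for a list of segments."""
    stream = ControlStream()
    strict = [strict_per_packet(s) for s in segments]
    buffered = [r for s in segments for r in stream.feed(s)]
    return strict, buffered
```
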