Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] PASV FTP on different port

To: [email protected]
Subject: [FW-1] PASV FTP on different port
From: "Steck, Steffen M." <[email protected]>
Date: Wed, 5 Dec 2001 13:43:54 +0100
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Hi list,
i run 4.1 SP4 on IPSO, Mgmt on Solaris 2.6

I want to ftp from an inside machine to the internet, hiding nat, on various
ports.
Now i have the following problem: as long as I do not open a data connection
everything is fine (read: i get authenticated and have a prompt). As soon as
entering the pasv mode (doing ls...) the control connection gets a timeout
and dies. FW-1 does not recognize the data connection to be invoked by the
previous ftp session.
I read a lot on this and found this has been posted as early as in Feb 00
here, but i got no satisfying solution. Phoneboy Daemon W. has a workaround
using a static nat rule but this not working for me since i must have the
choice to choose a port. He also mentions there may be some inspection code.
Has anybody any? Done and tested and working?
TIA for any input
Steffen

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================

Follow-Ups:
- Re: [FW-1] PASV FTP on different port
  - From: William Rosenberry <[email protected]>

Prev by Date: Re: [FW-1] SecuRemote & UDP Encapsulation
Next by Date: [FW-1] Ldap Authentication for Securemote (NG)
Previous by thread: Re: [FW-1] FW-1-MAILINGLIST Digest - 3 Dec 2001 to 4 Dec 2001 (#2001-63)
Next by thread: Re: [FW-1] PASV FTP on different port
Index(es):
- Date
- Thread