Re: [FW-1] PASV FTP on different port

[William Rosenberry <wrosenberry@FW1-NOSPAMLUCENT.COM>]

We have been having the same problem.  Seems it will work with
active FTP, but not passive.

We are doing it a bit different.  We have a group of FTP users, and
use "user auth" in the action field.  We have tried just about
everything we can think of, and now assume it will never work using
passive FTP!

Running 4.1 SP4 on Solaris without NAT

On 5 Dec 2001 at 13:43, Steck, Steffen M. wrote:

> Hi list,
> i run 4.1 SP4 on IPSO, Mgmt on Solaris 2.6
>
> I want to ftp from an inside machine to the internet, hiding nat, on various
> ports.
> Now i have the following problem: as long as I do not open a data connection
> everything is fine (read: i get authenticated and have a prompt). As soon as
> entering the pasv mode (doing ls...) the control connection gets a timeout
> and dies. FW-1 does not recognize the data connection to be invoked by the
> previous ftp session.
> I read a lot on this and found this has been posted as early as in Feb 00
> here, but i got no satisfying solution. Phoneboy Daemon W. has a workaround
> using a static nat rule but this not working for me since i must have the
> choice to choose a port. He also mentions there may be some inspection code.
> Has anybody any? Done and tested and working?
> TIA for any input
> Steffen
>
> ===============================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ===============================================


William Rosenberry, CCSA, CCNA, MCSE, CSA
Member of Consulting Staff
Lucent Worldwide Services
King Of Prussia, PA
Numeric page:E-mail page:
page_Rosenb_W@ins.com

===============================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
===============================================