
[FW-1] Re: [FW-1] FTP and SecureClient.



Hi Tim,

I hope my specific solution meets your needs.
We run TIS FWTK ftp-gw to allow our clients to make only passive FTP with
the Internet.
I tuned the following code in lib/base.def on our mgmt-server:

#define ftp_record_pasv                                                 \
        r_cdir = 2, tcp,                                                \
        sport = SERV_ftp or sport = auth_services[SERV_ftp,ip_p],       \
        FTP_CHECK_COMMAND or reject,                                    \
        IS_PASV_MSG, set sr1 FTPPORT(0), ...

to:

#define ftp_record_pasv                                                 \
        r_cdir = 2, tcp,                                                \
        sport = SERV_ftp or sport = 1081 or                             \
        sport = auth_services[SERV_ftp,ip_p],                           \
        FTP_CHECK_COMMAND or reject,                                    \
        IS_PASV_MSG, set sr1 FTPPORT(0), ...

"sport = 1081" is the port our ftp-gw is listening on.

Further, you have to define a service of type "other" with match = "tcp,
dport=1081".

Now FW1 is able to handle the high-port connections from the client to the
ftp proxy.

Good luck
Marcus




From: Tim Jones <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]>
To: [email protected]
Cc:
Subject: [FW-1] FTP and SecureClient.
Date: 13.04.2002 01:41
Please reply to: Mailing list for discussion of Firewall-1

Hello.

I'm having trouble getting FTP to work with our
SecureClient users.  We only allow specific services
to specific machines over the VPN, and I figured
adding the FTP, FTP-passive, and FTP-port services
would allow FTP to work.  This isn't the case,
however.

In passive mode, when the client sends the port
command to the server, the server's response is
blocked by the firewall.  My impression of how this is
supposed to work is that the firewall is supposed to
watch the port command so that it can let the response
through.  This is what seems to happen with outbound
traffic from internal users.

In active mode, the client's response to the server's
port command is blocked.

Are there known issues with this type of setup?  Has
anyone ever got it working without allowing all ports
between the client and server?

Thanks!

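Both messages above turn on the same mechanic: a stateful firewall only opens the FTP data channel if it recognises the PASV reply (or the client's PORT command) on a control connection it is inspecting, and the unmodified ftp_record_pasv macro only inspects server replies whose source port is 21 (SERV_ftp). The Python below is a model of that inspection added to this archive page; it is not Check Point INSPECT code, it does not reproduce base.def, FTP_CHECK_COMMAND or FTPPORT, and every name, address and port in it (FtpInspector, allowed_server_ports, 10.0.0.5, 192.0.2.10, the 227 and PORT lines) is a constructed assumption. It shows why a 227 reply coming from an ftp-gw listening on 1081 is never turned into a data-channel permit with the default port set and is accepted once 1081 is added, and it also covers the active-mode PORT case Tim describes. As a hardening step the model additionally refuses a PASV/PORT address that does not belong to the peer that sent it (the classic FTP bounce), which the thread does not discuss.

```python
import re
from dataclasses import dataclass, field

# Constructed model of FTP control-channel inspection, written for this
# page. Not Check Point code; names and sample values are assumptions.

PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")
PORT_RE = re.compile(
    r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\s*$")


def parse_hostport(groups):
    """Turn the six decimal octets of a PASV reply / PORT command into (ip, port)."""
    nums = [int(g) for g in groups]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


@dataclass
class FtpInspector:
    # Server-side ports whose control traffic is inspected. {21} mirrors
    # the unmodified macro (sport = SERV_ftp); adding 1081 mirrors Marcus's
    # change for an ftp-gw proxy listening there.
    allowed_server_ports: set
    # Recorded one-shot permits: (mode, src_ip, dst_ip, dst_port).
    pending: set = field(default_factory=set)

    def on_server_reply(self, client_ip, server_ip, server_port, line):
        """Server->client control line: record a permit if it is a usable 227 reply."""
        if server_port not in self.allowed_server_ports:
            return False            # not seen as FTP control traffic at all
        m = PASV_RE.match(line)
        if not m:
            return False
        ip, port = parse_hostport(m.groups())
        if ip != server_ip or port < 1024:
            return False            # bounce attempt or privileged port: refuse
        self.pending.add(("pasv", client_ip, server_ip, port))
        return True

    def on_client_command(self, client_ip, server_ip, server_port, line):
        """Client->server control line: record a permit for an active-mode PORT command."""
        if server_port not in self.allowed_server_ports:
            return False
        m = PORT_RE.match(line)
        if not m:
            return False
        ip, port = parse_hostport(m.groups())
        if ip != client_ip or port < 1024:
            return False
        # In active mode the server connects back to the client.
        self.pending.add(("port", server_ip, client_ip, port))
        return True

    def allow_data(self, src_ip, dst_ip, dst_port):
        """Does a new data connection match a recorded permit? Consumes it if so."""
        for mode in ("pasv", "port"):
            key = (mode, src_ip, dst_ip, dst_port)
            if key in self.pending:
                self.pending.discard(key)
                return True
        return False


def demo():
    """Passive FTP through a proxy on 1081, before and after adding the port."""
    client, proxy = "10.0.0.5", "192.0.2.10"                 # constructed
    reply = "227 Entering Passive Mode (192,0,2,10,4,1)"    # data port 1025
    default = FtpInspector(allowed_server_ports={21})
    seen_default = default.on_server_reply(client, proxy, 1081, reply)
    data_default = default.allow_data(client, proxy, 1025)
    tuned = FtpInspector(allowed_server_ports={21, 1081})
    seen_tuned = tuned.on_server_reply(client, proxy, 1081, reply)
    data_tuned = tuned.allow_data(client, proxy, 1025)
    return seen_default, data_default, seen_tuned, data_tuned


if __name__ == "__main__":
    print(demo())
```

Running it yields (False, False, True, True): with only port 21 inspected the 227 reply from the proxy is never parsed, so the client's high-port data connection matches no permit and is dropped, which is the symptom Tim reports; with 1081 added the same reply produces a permit and the data connection is allowed. Permits are consumed on first use so a recorded port cannot be reused by a second connection.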

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

   All contents © 2004 Network Presence, LLC. All rights reserved.