[FW-1] Reply: [FW-1] FTP and SecureClient.
Hi Tim,

I hope my specific solution meets your needs. We run TIS FWTK ftp-gw to allow our clients to make only passive FTP with the Internet. I tuned the following code in lib/base.def on our mgmt-server:

    #define ftp_record_pasv \
        r_cdir = 2, tcp, \
        sport = SERV_ftp or sport = auth_services[SERV_ftp,ip_p], \
        FTP_CHECK_COMMAND or reject, \
        IS_PASV_MSG, set sr1 FTPPORT(0), ...

to:

    #define ftp_record_pasv \
        r_cdir = 2, tcp, \
        sport = SERV_ftp or sport = 1081 or sport = auth_services[SERV_ftp,ip_p], \
        FTP_CHECK_COMMAND or reject, \
        IS_PASV_MSG, set sr1 FTPPORT(0), ...

"sport = 1081" is the port our ftp-gw is listening on. Further, you have to define a service of type "other" with match = "tcp, dport=1081". Now FW1 is able to handle the high-port connections from the client to the ftp proxy.

Good luck
Marcus


Tim Jones <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]point.com>
13.04.2002 01:41
To: [email protected]
Cc:
Subject: [FW-1] FTP and SecureClient.
Please reply to: Mailing list for discussion of Firewall-1

Hello.

I'm having trouble getting FTP to work with our SecureClient users. We only allow specific services to specific machines over the VPN, and I figured adding the FTP, FTP-passive, and FTP-port services would allow FTP to work. This isn't the case, however.

In passive mode, when the client sends the port command to the server, the server's response is blocked by the firewall. My impression of how this is supposed to work is that the firewall is supposed to watch the port command so that it can let the response through. This is what seems to happen with outbound traffic from internal users.

In active mode, the client's response to the server's port command is blocked.

Are there known issues with this type of setup? Has anyone ever got it working without allowing all ports between the client and server?

Thanks!

=================================================
To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================
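Added illustration, not part of either message and not Check Point's INSPECT code: a toy Python model of a stateful filter that reads the server's 227 (PASV) reply only on known control ports, showing why a proxy listening on 1081 needs the extra "sport = 1081" test before its data connection is admitted. The class, function names, addresses and the same-host check are assumptions made for this example.

```python
import re

# RFC 959 reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

def parse_pasv(line):
    """Return (ip, port) announced by a 227 reply, or None if malformed."""
    m = PASV_RE.match(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class PasvTracker:
    """Hypothetical stateful filter that pre-admits PASV data connections."""
    def __init__(self, control_ports):
        self.control_ports = set(control_ports)
        self.expected = set()  # (client_ip, server_ip, data_port)

    def server_reply(self, server_ip, sport, client_ip, line):
        # Replies are inspected only when they come from a known control
        # port, analogous to the "sport = SERV_ftp or sport = 1081" test.
        if sport not in self.control_ports:
            return
        endpoint = parse_pasv(line)
        # Assumption of this model: the announced address must be the
        # replying server, so a reply cannot open a path to a third host.
        if endpoint and endpoint[0] == server_ip:
            self.expected.add((client_ip, server_ip, endpoint[1]))

    def allow_data(self, client_ip, server_ip, dport):
        key = (client_ip, server_ip, dport)
        if key in self.expected:
            self.expected.discard(key)  # one connection per PASV reply
            return True
        return False

def demo(control_ports):
    """Constructed case: proxy 192.0.2.10:1081 answers client 10.1.1.5."""
    fw = PasvTracker(control_ports)
    fw.server_reply("192.0.2.10", 1081, "10.1.1.5",
                    "227 Entering Passive Mode (192,0,2,10,195,80)")
    return fw.allow_data("10.1.1.5", "192.0.2.10", 50000)

if __name__ == "__main__":
    print("control ports {21}:      ", demo({21}))
    print("control ports {21, 1081}:", demo({21, 1081}))
```

With only port 21 registered the reply from the proxy is never parsed and the high-port connection is dropped; adding 1081 lets the filter learn the data port without opening all ports between client and proxy.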