
Re: [FW-1] FTP-problems



Thank you for the third resolution; I have contacted support@nokia and
asked for this. 3306 fixes most µ$ servers & proxies that can sit in
between, afaik that is so correct.
3414=1624
Although after testing 1624, which should be enough to resolve the
mainframe problem, the problem was still there. This means that it must be
1624 I was looking for this answer, but to be frank it won't work on FP2.
I wonder if anyone has tested how to implement it on FP2. Thanks in advance.


//Sadir


Croft, Ed wrote:

We were having the same problem with FTP between a Mainframe and a bunch of
Microsoft FTP servers.  It appears to be corrected now.  There were three
Nokia Resolutions that we applied in a "shotgun" approach to fix a
Production problem (the Mainframe is owned by another company and they are
not super cooperative).  I'm sorry that I don't have the specific answer to
which one fixed our problem, but this is what we did:

1.      Modified the base.def file to comment out "#define FTP_ENFORCE_NL" (Nokia Resolution 3306)

2.      Modified the base.def file to un-comment out "//#define FTP_NON_STANDARD" and created a new service (Nokia Resolution 3414):

Name:           FTP_Control_21
Match field:    tcp,dport=21
Prologue field: ftp_accept_serv

3. Modified the base.def file from (Nokia Resolution 1624):

// ports which are dangerous to connect to
define NOTSERVER_TCP_PORT(p) {
    (not
        (
            ( p in tcp_services, set sr10 RCODE_TCP_SERV, set sr11 0,
              set sr12 p, set sr1 0, log bad_conn)
            or
            ( p < 1024, set sr10 RCODE_SMALL_PORT, set sr11 0,
              set sr12 p, set sr1 0, log bad_conn)
        )
    )
};

to:

// ports which are dangerous to connect to
define NOTSERVER_TCP_PORT(p) {
    (not
        ( p < 1024, set sr10 RCODE_SMALL_PORT, set sr11 0,
          set sr12 p, set sr1 0, log bad_conn)
    )
};

Finally, we create a rule that looks like:

Source:

Mainframe, Microsoft FTP servers

Destination:

Mainframe, Microsoft FTP servers

Service:

FTP_Control_21, FTP Used Ports (TCP 20 & 21, UDP 20 & 21), ftp-active (user
defined service with the Match field containing:
tcp,dport>=1024,dport<=65535)

Hope this helps...

-Ed
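
Added example, not part of the original thread and not Check Point or Nokia code: a Python model of the two NOTSERVER_TCP_PORT versions quoted in step 3 above, showing which negotiated FTP data ports the modified macro starts accepting. The tcp_services contents and the control-channel lines are constructed assumptions.

```python
import re

# Constructed stand-in for the firewall's tcp_services table (assumption:
# the real table holds the ports of the TCP service objects that are defined).
TCP_SERVICES = {21, 23, 25, 80, 443, 1433, 1521, 8080}

_TUPLE = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_port(line):
    """Return the data port announced in a PORT command or 227 reply, else None."""
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    m = _TUPLE.search(line)
    octets = [int(x) for x in m.groups()] if m else []
    if len(octets) != 6 or any(o > 255 for o in octets):
        return None
    return octets[4] * 256 + octets[5]   # port = p1 * 256 + p2

def notserver_original(p):
    """Original macro: reject defined service ports and ports below 1024."""
    if p in TCP_SERVICES:
        return (False, "RCODE_TCP_SERV")
    if p < 1024:
        return (False, "RCODE_SMALL_PORT")
    return (True, None)

def notserver_modified(p):
    """Macro after the Resolution 1624 edit: only the p < 1024 test remains."""
    if p < 1024:
        return (False, "RCODE_SMALL_PORT")
    return (True, None)

def newly_allowed(lines):
    """Ports the original macro rejects but the modified one accepts."""
    ports = [p for p in map(data_port, lines) if p is not None]
    return [p for p in ports if not notserver_original(p)[0] and notserver_modified(p)[0]]

# Constructed control-channel lines, not captured traffic.
SAMPLE = [
    "PORT 10,0,0,5,195,80",                         # 195*256+80  = 50000
    "PORT 10,0,0,5,5,241",                          # 5*256+241   = 1521
    "227 Entering Passive Mode (10,0,0,9,31,144)",  # 31*256+144  = 8080
    "PORT 10,0,0,5,0,25",                           # 0*256+25    = 25
]

if __name__ == "__main__":
    print(newly_allowed(SAMPLE))
```

Any port the function returns is a defined service port at or above 1024 that an FTP data connection could no longer be refused on, which is the reason to keep the accompanying rule limited to the specific source and destination hosts.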

-----Original Message-----
From: Jason Maley [mailto:[email protected]]
Sent: Wednesday, May 08, 2002 4:52 AM
To: [email protected]
Subject: Re: [FW-1] FTP-problems


We're having the same problems and have had no luck yet either. We have tried the base.def mods as well. I'll keep looking on our side for an answer.

-Jason

-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:[email protected]]On Behalf Of Sadir
Al-khafaji
Sent: Wednesday, May 08, 2002 6:03 AM
To: [email protected]
Subject: Re: [FW-1] FTP-problems


I have done something similar really, I have defined a wizard object.


other TCP

main
tcp, dport >= 1024, dport <= 65535

didn't help

//Sadir
Mustetab Ali Khan wrote:


hi,

try by giving ftp with resource .. i.e. create an ftp resource and in the
service column select add with resource ...

Rgds

-----Original Message-----
From: Sadir Al-khafaji [mailto:[email protected]]
Sent: Wednesday, May 08, 2002 2:56 PM
To: [email protected]
Subject: Re: [FW-1] FTP-problems


Hmmm but that is for the port-command and not for passive FTP.


Thanks
Sadir

Torkel Mathisen wrote:



Ok. Have you also tried:

Disable the line:
#define FTPPORT(match)       (call KFUNC_FTPPORT <0x1|(match)>)

Enable the line:
#define FTPPORT(match)  (call KFUNC_FTPPORT <(match)>)

Regards,
Torkel




-----Original Message-----
From: Sadir Al-khafaji [mailto:[email protected]]
Sent: 7. mai 2002 16:02
To: [email protected]
Subject: Re: [FW-1] FTP-problems


Already done that. Thanks


Torkel Mathisen wrote:




In base.conf try and disable: #define FTP_ENFORCE_NL

It should now read // #define FTP_ENFORCE_NL

Regards,
Torkel





-----Original Message-----
From: Sadir Al-khafaji [mailto:[email protected]]
Sent: 7. mai 2002 10:00
To: [email protected]
Subject: [FW-1] FTP-problems


I have a problem with ftp at certain times. It's a Mainframe to Mainframe ftp session and sometimes the ftp-data connection cannot be opened. I allowed port 20, 21, FTP-PASV, FTP-PORT, HIGH-PORTS, and I still have the same problem. It is the first rule in the rule-base.
Any ideas?

Cheers
//Sadir

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================








 
   All contents © 2004 Network Presence, LLC. All rights reserved.