
Re: [FW-1] ftp big trouble: connection reject - reason tried to open a known service port, port



I had the same problem today. I found the solution in phoneboy.

Yim
--- "Martin, Jeffrey" <[email protected]> wrote:
> The FTP service will reject connections that are trying to use ports that
> are already defined for another service. For example, if you had port 5555
> defined as service XXX, the firewall would not allow an FTP connection to
> negotiate this as a data transfer port. The reasoning is that if the
> connection is allowed on a known port it could expose services to attacks
> that the firewall would normally block. If you check the port numbers being
> logged, you will find that they are all ports used by other services defined
> on the firewall.
>
> You could solve the problem by using active instead of passive FTP, or is it
> the other way around? Use the form of FTP that always uses the same port for
> data transfer.
>
>
> -----Original Message-----
> From: Federico Flumiani [mailto:[email protected]]
> Sent: Friday, July 12, 2002 4:56 AM
> To: [email protected]
> Subject: [FW-1] ftp big trouble: connection reject - reason tried to open a known service port, port xxx
>
>
> Hi all,
> I have ftp trouble on a FW-1 NG FP2 250 Nodes installed on a GNU/Linux Red
> Hat 7.2 (kernel 2.4.9-34) HP LC2000 Box (512MB PIII 1Gz). The system has 4
> NICs: an external and 2 DMZ plus the internal one facing the LAN. On one of
> the DMZs I have an FTP server on NT4 (IIS4). I added this rule to the
> rulebase (ok it's not the most secure rule to apply):
>
> Source  Destination  Service  Action  Track
> LAN     DMZ          ALL      Accept  Log
>
> Connecting to the ftp server from a client in the LAN works fine.
> Downloading also, but when I upload hundreds of files, typically html files,
> some connections are rejected. Looking in the log viewer I see this row:
> reason tried to open a known service port, port xxx
> ...
>
> I also tested with other ftp servers and clients but I always get this
> problem. Does someone know what's happening and how to solve this problem?
>
>
>                                  Federico Flumiani
>
> ---
> Infotech snc
>
> Email:  [email protected] <mailto:[email protected]>
> PGP Fingerprint: D89E 339B 21B9 AB09 8D20  03C7 E52D 3427 EDE4 7334
> PGP Key available @ http://pgp.mit.edu/
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================





 
----------------------------------
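Added example, not part of the original thread and not Check Point's code: a small Python check that reproduces the behaviour described in the quoted reply. It parses the data port negotiated on the FTP control channel (a PORT command or a 227 passive reply, per RFC 959) and flags any port that is also defined as another service. The service table and the control-channel lines are constructed; only port 5555 / service XXX comes from the thread.

```python
import re

# Constructed service table: port -> name of a service object defined on the
# firewall. 5555/"XXX" mirrors the example in the thread; the rest is made up.
DEFINED_SERVICES = {5555: "XXX", 1494: "example-svc-a", 2049: "example-svc-b"}

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")


def data_endpoint(line):
    """Return (ip, port) negotiated by a PORT command or a 227 reply, else None."""
    text = line.strip()
    if not (text.upper().startswith("PORT ") or text.startswith("227 ")):
        return None
    m = _HOSTPORT.search(text)
    if m is None:
        return None
    octets = [int(g) for g in m.groups()]
    if any(o > 255 for o in octets):
        return None  # malformed: each field must fit in one byte
    ip = ".".join(str(o) for o in octets[:4])
    return ip, octets[4] * 256 + octets[5]  # data port = p1*256 + p2


def check_session(lines, services=DEFINED_SERVICES):
    """List (port, service, verdict) for every data port negotiated in lines."""
    results = []
    for line in lines:
        endpoint = data_endpoint(line)
        if endpoint is None:
            continue
        port = endpoint[1]
        name = services.get(port)
        results.append((port, name, "reject" if name else "accept"))
    return results


# Constructed control-channel excerpt from a bulk transfer.
SAMPLE = [
    "227 Entering Passive Mode (10,0,1,20,19,136)",  # 19*256+136 = 5000
    "226 Transfer complete.",
    "227 Entering Passive Mode (10,0,1,20,21,179)",  # 21*256+179 = 5555
    "PORT 192,168,1,10,5,214",                       # 5*256+214 = 1494
]

if __name__ == "__main__":
    for port, name, verdict in check_session(SAMPLE):
        print(f"data port {port}: {verdict}" + (f" (defined as {name})" if name else ""))
```

Over hundreds of transfers each data connection negotiates a fresh port, so a few of them landing on a port in the defined-service table is enough to produce the intermittent rejects described above.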

   All contents © 2004 Network Presence, LLC. All rights reserved.