
[FW-1] Tried to open tcp service port: Reject

Hi

We are running NG-FP3 and are having a situation as follows:
We have a client (outside the firewall) which connects to a host (inside the firewall) on a particular TCP port (say 5403). In response, the internal host is supposed to provide a specific TCP port number (say 4309) to the client, and then the client is supposed to connect back to the host on port 4309 for further communication. I have created "Service" objects with port numbers 5403 and 4309 and the corresponding rules as well (one rule for the outside client to the internal host via port 5403 or 4309, and another rule for the internal host to the outside client via any port).

When I check the log, I see that the request has been rejected with the following information:
        Interface:   <Name of LAN side interface>
        Type:        Log
        Action:      Reject
        Information: Reason: Tried to open a known service request
                     Protocol: TCP

As a result, the internal host is not able to pass the port number (4309) information to outside client. The communication is rejected by the firewall. And hence, the client never receives the port

As I understand it, the internal host is trying to pass port number 4309 to the client, but this port is defined as a service port, which means that the internal host is supposed to listen on this port rather than connect through it; hence I am getting this communication failure.

My question is what can I do to have the internal host connect via port number 4309. I have found a document (http://www.phoneboy.com/faq/0106.html) similar to the problem that I am facing, but I couldn't use it for NG. Does anybody have an idea what I can do to resolve this issue?

Your help is highly appreciated.

Thanks
Rakesh
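The application exchange described in the post, as an added example that is not part of the original message: the host announces a second port over the control connection and the client connects back on it. The ports and the `PORT <n>` reply format are constructed; it runs on 127.0.0.1 so the two separate inbound connections a rule set has to permit can be reproduced in a lab.

```python
"""Two-connection handshake from the post: the client opens a control
connection to the host, the host answers with a second port number, and
the client connects back on that port.  Added example, not code from the
thread; ports are constructed and everything runs on 127.0.0.1 (the real
service used 5403 and 4309)."""
import socket
import threading

HOST = "127.0.0.1"
CONTROL_PORT = 15403  # constructed stand-in for 5403
DATA_PORT = 14309     # constructed stand-in for 4309

def listener(port):
    """Bind a TCP listening socket on HOST:port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind((HOST, port))
    s.listen(1)
    return s

def internal_host(ctl, data, results):
    """Inside the firewall: announce the call-back port on the control
    connection, then accept that second, separate inbound connection."""
    conn, _ = ctl.accept()
    conn.sendall(f"PORT {data.getsockname()[1]}\n".encode())
    conn.close()
    dconn, _ = data.accept()
    results["callback_port"] = dconn.getsockname()[1]  # port the client hit
    dconn.sendall(b"HELLO\n")
    dconn.close()

def outside_client(control_port):
    """Outside the firewall: learn the data port, then connect back on it."""
    with socket.create_connection((HOST, control_port)) as c:
        reply = c.makefile("r").readline()  # "PORT <n>\n"
    port = int(reply.split()[1])
    with socket.create_connection((HOST, port)) as d:
        banner = d.recv(64)
    return port, banner

def handshake(control_port=CONTROL_PORT, data_port=DATA_PORT):
    """Run both sides; return (port announced, banner, port host accepted on)."""
    ctl, data = listener(control_port), listener(data_port)
    results = {}
    t = threading.Thread(target=internal_host, args=(ctl, data, results))
    t.start()
    port, banner = outside_client(control_port)
    t.join(5)
    ctl.close(); data.close()
    return port, banner, results.get("callback_port")
```

Pointing `HOST` and the two ports at a real host behind a test rule base shows which of the two inbound connections the firewall drops.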
