[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] FW1 4.1 sp6 - FTP passive - fails on known port #'s
In the $FWDIR/lib directory on the Management, change the following lines in base.def (back it up first) FROM: // ports which are dangerous to connect to define NOTSERVER_TCP_PORT(p) { (not ( ( p in tcp_services, set sr10 RCODE_TCP_SERV, set sr11 0, set sr12 p, set sr1 0, log bad_conn) or ( p < 1024, set sr10 RCODE_SMALL_PORT, set sr11 0, set sr12 p, set sr1 0, log bad_conn) ) ) }; TO: // ports which are dangerous to connect to define NOTSERVER_TCP_PORT(p) { (not ( p < 1024, set sr10 RCODE_SMALL_PORT, set sr11 0, set sr12 p, set sr1 0, log bad_conn) ) }; Then install the policy. Stephen Tam -----Original Message----- From: William C. Schwartz [mailto:[email protected]] Sent: Wednesday, February 26, 2003 7:48 AM To: [email protected] Subject: [FW-1] FW1 4.1 sp6 - FTP passive - fails on known port #'s OK. I know I've found this info in the past, but for some reason, I can't find the documents. I've google'ed myself to insanity. There is a problem when doing passive FTP through a 4.1 firewall where if the port # is used that is a known service in services, the FTP fails. There was a tweak to the base.def or something like that. Does anyone have this document or know where to find it? Thanks Will ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|