As far as I know, this is a well-known problem with FW1 (it has been
discussed on this list at least once).
They only allow active ftp data from port 20. This breaks when you have
either servers using high ports (such as in your case) or when there is
a proxy-based FW in between.
On one side, checkpoint claim that the RFC requires port 20, others say no
so there is no need to enforce it, and a third group says, whatever the
RFC says, a FW should not require 20, since people who use other ports do
it for a good reason!
So, you have the following possibilities:
- use a proxy on some host and open the holes to the proxy host, provided
  you secure it :)
- enforce passive ftp.
- complain to checkpoint.
- buy another firewall
....
cheers,
mouss
At 22:02 23/12/00 -0500, Ivan Fox wrote:
[snip]
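
An added example, not part of the original post and not FW-1's actual logic: a small model of a stateful filter that learns the client's PORT command from the control channel and then decides on the server's active-mode data connection, once with the source-port-20 requirement described above and once without it. All addresses, ports and names (FtpTracker, decide) are constructed for illustration.

```python
import re

PORT_RE = re.compile(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)$", re.I)

def parse_port(line):
    """Return (ip, port) announced by a client PORT command, or None."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpTracker:
    """Hypothetical model of active-FTP tracking on a stateful filter."""
    def __init__(self, require_port_20):
        self.require_port_20 = require_port_20
        self.expected = set()  # (server_ip, client_ip, client_port)

    def on_control_line(self, client_ip, server_ip, line):
        announced = parse_port(line)
        # Only honour a PORT that points back at the client itself.
        if announced and announced[0] == client_ip:
            self.expected.add((server_ip, client_ip, announced[1]))

    def allow_data(self, src_ip, src_port, dst_ip, dst_port):
        key = (src_ip, dst_ip, dst_port)
        if key not in self.expected:
            return False  # no matching PORT seen on a control session
        if self.require_port_20 and src_port != 20:
            return False  # the strict behaviour discussed in this thread
        self.expected.discard(key)  # one data connection per PORT
        return True

CLIENT, SERVER = "10.0.0.5", "192.0.2.10"  # constructed addresses

def decide(require_port_20, data_src_port):
    """One control exchange, then one data connection from the server."""
    fw = FtpTracker(require_port_20)
    fw.on_control_line(CLIENT, SERVER, "PORT 10,0,0,5,4,1\r\n")
    return fw.allow_data(SERVER, data_src_port, CLIENT, 1025)

if __name__ == "__main__":
    # 20: classic server; 2120: server on a high port; 40000: proxy in between
    for port in (20, 2120, 40000):
        print(port, "strict:", decide(True, port), "relaxed:", decide(False, port))
```

Without the port-20 check the data connection is still tied to the server address and the exact client port announced on the control channel.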