The correct method to accomplish this is to create an object for the remote
ftp server, create an object for the new ftp service with it's corresponding
port. After you've done this you will configure the following in the
address translation tab:
Source Packet Translated Packet
Source Destination Service Source Destination Service
Any Remote-ftp ftp =original =original =new
ftp(port-3120)(s)
Remote-ftp Any new-ftp =original =original =ftp(port-21)(s)
Essentially you can lock it down further by specifying who you want as
source but the overall goal is to connect to a non-standard ftp port which
you accomplish by doing port translation via address translation tab.
Juan Concepcion
Network Engineer/Security Consultant
CCSA/CCSE
E-Mail: [EMAIL PROTECTED]
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Mike
Glassman - Admin
Sent: Tuesday, June 19, 2001 10:46 AM
To: 'fw-1 listserv'
Subject: RE: [FW1] Ftp on non-standard port...
I recall I think that there is something about this on the phoneboy web
site.
Have you checked there ?
Mike
> -----Original Message-----
> From: Cihan Subasi (Garanti Teknoloji) [SMTP:[EMAIL PROTECTED]]
> Sent: � ���� 18 2001 16:00
> To: 'Matthias Leu'; Cihan Subasi (Garanti Teknoloji)
> Cc: Fw-1-Mailinglist (E-mail)
> Subject: RE: [FW1] Ftp on non-standard port...
>
> Thanks Matthias but that did not work, still I am having "invalid PORT
> command" error message when I do "dir"
>
> -----Original Message-----
> From: Matthias Leu [mailto:[EMAIL PROTECTED]]
> Sent: Friday, June 15, 2001 7:24 PM
> To: Cihan Subasi (Garanti Teknoloji)
> Cc: Fw-1-Mailinglist (E-mail)
> Subject: Re: [FW1] Ftp on non-standard port...
>
>
> Hi,
> first you have to define the service as a new TCP-service to port
> 3120. Then select in the Field Protocol Type FTP in the deklaration of
> this service. Making a rule accepting this new service should give you
> access to FTP on port 3120 with data or passive connection.
> Hope it helps,
> best regards
> Matthias
>
>
> "Cihan Subasi (Garanti Teknoloji)" wrote:
>
>
>
>
> Hi,
>
> How Can I access to a ftp server running on a non-
> standard port (3120)? Seems like I can do authentication but not data
> transfer...Thanks...
>
> *******************************************************
> Cihan Subasi
> Garanti Technology
> Internet Services Manager
> Work : (90) (212) 478 3426
> GSM : (90) (533) 270 1915
> <http://www.garantitechnology.com>
> <mailto:[EMAIL PROTECTED]>
> *******************************************************
>
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
