This question seems to be appearing a lot lately under slightly different
guises. When ftp tries to use a data port that is already defined in FW-1,
it will fail with this error. See "High Port TCP Services and FTP" on
http://www.phoneboy.com/fw1/
hermit1
At 09:45 AM 7/5/00 +0100, declan mckibben wrote:
>Hi
>
>I have regular, but infrequent, rejects in my firewall logs for a
>machine that ftp's content to another server:
>
>reason, tried to open tcp service port, port: at-defender (2625) and
>later...
>reason, tried to open tcp service port, port: realsecure (2997)
>
>These are rule 0 rejects. The machine that causes them is just doing ftp
>constantly. Could it be doing passive ftp and renegotiating ports? If so
>then why is the reject so irregular? I think the box in question is
>intel > linux running apache.
>
>regards
>Declan McKibben
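
An added example, not part of the original thread and not Check Point code: a small Python tally of the reject reason quoted above, showing which defined services the FTP data ports collided with and what share of a data-port range those services occupy. The one-line log layout, the function names and the 1024-4999 port range are assumptions made for illustration; only the reason text and the two service names and ports come from the message.

```python
import re
from collections import Counter

# Constructed sample lines in a simplified layout (not FW-1's real log export
# format). The reason text and the two services are the ones quoted in the message.
SAMPLE_LOG = """\
reject rule 0 reason, tried to open tcp service port, port: at-defender (2625)
accept rule 4 service ftp
reject rule 0 reason, tried to open tcp service port, port: realsecure (2997)
reject rule 0 reason, tried to open tcp service port, port: at-defender (2625)
"""

REASON = re.compile(
    r"tried to open tcp service port, port:\s*(?P<name>[\w.-]+)\s*\((?P<port>\d+)\)"
)

def collisions(log_text):
    """Count rejects per (service name, port) that carry this reject reason."""
    hits = Counter()
    for line in log_text.splitlines():
        m = REASON.search(line)
        if m:
            hits[(m.group("name"), int(m.group("port")))] += 1
    return hits

def collision_fraction(defined_ports, low, high):
    """Share of the data-port range [low, high] taken by defined services.

    Assumption: the FTP host spreads its data ports evenly over the range,
    so this share approximates how often a transfer lands on a defined port.
    """
    in_range = {p for p in defined_ports if low <= p <= high}
    return len(in_range) / (high - low + 1)

def report(log_text, low=1024, high=4999):
    """Return (rows, fraction); low/high are an assumed data-port range."""
    hits = collisions(log_text)
    rows = sorted((port, name, n) for (name, port), n in hits.items())
    fraction = collision_fraction({port for port, _, _ in rows}, low, high)
    return rows, fraction

if __name__ == "__main__":
    rows, fraction = report(SAMPLE_LOG)
    for port, name, n in rows:
        print(f"port {port:5d}  service {name:12s}  rejects {n}")
    print(f"defined services seen cover {fraction:.4%} of the assumed range")
```

Feeding it the full list of high-port services defined on the firewall, rather than only the ones already seen in the log, gives the share of data connections that can be expected to hit this reject.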