All,
I have gone through the fw archives and Phoneboy's site but have not seen anything
that I thought applied directly to this scenario... Hopefully someone can shed some
light on this for me.
a) I can successfully ftp (command line) to a site (i.e. ftp.symantec.com) going
through my CVP. (there are fw log entries)
b) I can successfully ftp (command line) to a site (i.e. ftp.symantec.com) NOT going
through my CVP. (there are fw log entries)
c) I can NOT do the same ftp via a client such as wsftp32 or ws_ftppro going through
my CVP. (there is nothing in fw log)
d) I CAN do the same ftp via a client such as wsftp32 or ws_ftppro if I do NOT go
through the CVP. (there is a fw log entry)
I do not understand why in case c I do not see anything in my firewall logs? I log
everything. It makes it seem like it never gets to the firewall...
Is this a fw config issue, an ftp client issue, or a CVP issue?
Here is my current configuration:
Solaris 2.6 and FW 4.1sp2
rules:
source   destination   service        comment
my-IP    any           ftp->acvpre    rule used in a above
my-IP    any           ftp            rule used in b and d above; I created this rule as a test for troubleshooting
rule 0:
have enabled FTP PORT data connections
have enabled FTP PASV data connections
config files:
$FWDIR/conf/fwopsec.conf contains:
...
server 127.0.0.1 18181 auth_opsec
server 127.0.0.1 18182 auth_opsec
...
/opt/CPfw1-41/lib/base.def contains for ftp:
...
// #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)
#define FTP_ENFORCE_NL
...
Thanks in advance for any help you may provide. Please let me know if there is other
info that would be helpful in resolving this.
Tracy A. Maxi
Firewall Administrator
[FW1] ftp problem using win client and CVP
Maxi Tracy A Contr AFRL/SNOO Mon, 04 Dec 2000 10:46:11 -0800
