[FW1] FW: ftp problem using win client and CVP

Wed, 06 Dec 2000 08:29:15 -0800 


All,

I am posting a 2nd time because it does not appear to have made it to the list.  
Please forgive me if it is a duplicate...

Thanks

Tracy

>  -----Original Message-----
> From:         Maxi Tracy A Contr AFRL/SNOO  
> Sent: Monday, December 04, 2000 1:45 PM
> To:   '[EMAIL PROTECTED]'
> Subject:      ftp problem using win client and CVP
> 
> All,
> 
> I have gone through the fw archives and Phoneboy's site but have not seen anything 
>that I thought applied directly to this scenario...  Hopefully someone can shed some 
>light on this for me.
> 
> a)  I can successfully ftp (command line) to a site (i.e. ftp.symantec.com) going 
>through my CVP.  (there are fw log entries)
> b)  I can successfully ftp (command line) to a site (i.e. ftp.symantec.com) NOT 
>going through my CVP.  (there are fw log entries)
> 
> c)  I can NOT do the same ftp via a client such as wsftp32 or ws_ftppro going 
>through my CVP.  (there is nothing in fw log)
> d)  I CAN do the same ftp via a client such as wsftp32 or ws_ftppro if I do NOT go 
>through the CVP.  (there is a fw log entry)
> 
> I do not understand why in case c I do not see anything in my firewall logs?  I log 
>everything.  It makes it seem like it never gets to the firewall...
> 
> Is this a fw config issue, an ftp client issue, or a CVP issue?
> 
> Here is my current configuration:
> 
> Solaris 2.6 and FW 4.1sp2
> 
> rules:
> source                destination     service         comment
> my-IP         any             ftp->acvpre     rule used in a above
> 
> my-IP         any             ftp             rule used in b and d above; I created 
>this rule as a test for troubleshooting
> 
> rule 0:
> have enabled FTP PORT data connections
> have enabled FTP PASV data connections
> 
> config files:
> $FWDIR/conf/fwopsec.conf contains:
> ...
> server        127.0.0.1         18181            auth_opsec
> server        127.0.0.1         18182            auth_opsec
> ...
> 
> 
> /opt/CPfw1-41/lib/base.def contains for ftp:
> ...
> // #define FTPPORT(match)       (call KFUNC_FTPPORT <(match)>)
> #define FTP_ENFORCE_NL
> ...
> 
> Thanks in advance for any help you may provide.  Please let me know if there is 
>other info that would be helpful in resolving this.
> 
> Tracy A. Maxi
> Firewall Administrator
> 


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to