Try this

Apparently this only works occasionally - but that's good enough...

 

<snip>

Disabling PASV (Passive) ftp from the properties box in conjunction with the
solutions below sometimes helps.

 AND

 #define ALLOW_NON_SYN_RULEBASE_MATCH

in $FWDIR/conf/fwui_head.def 

</snip>

It will look like this:

/*#define ALLOW_NON_SYN_RULEBASE_MATCH */

Hope that helps
Inti

-----Original Message-----
From: Keigo Hanaoka [mailto:[EMAIL PROTECTED]]
Sent: 26 February 2001 08:28
To: [EMAIL PROTECTED]
Subject: [FW1] Help!! Simple FTP Problem




Can anyone tell me how I can deal with
a simple FTP connection via FW1-v4.1 SP 3 (on AIX)??

This was like a duplicated question, but probably
my case would be simpler.

FTP server is on DMZ, FTP clients are in both 
internal network and Internet.
FTP server itself should be no problem because
another machine on DMZ is able to connect with ftp.

It would be a problem when ftp was going through the FW1.

I am trying an FTP connection from the Internet (or internal) side
towards the DMZ, and the first connection
(which means just connecting to the server)
is no problem.
When the server is trying to reply to the client, the firewall
drops the connection based on rule zero!!
The client cannot log in; that is,
it is dropped before the ftp control would be established.

I checked that both "Enable FTP Port" and "Enable
FTP PASV" are checked, on the "service" of "Properties Setup."

Address translation would be quite simply set.

ANY     FTP(Global)------>ANY   FTP(Private)
ANY     FTP(Private)----->ANY   FTP(Global)

Also, the current policy is just:

Source          Destination             Service         

ANY             FTP_server(Global IP)   ftp     accept
ANY             ANY                     ANY     Drop

Please help me!!
Appreciate it, with regards

*********************************************
Keigo Hanaoka <[EMAIL PROTECTED]>
e-business Infrastructure Integration Div.
Unauthorized Access Countermeasures Dept.
LAC Co.,Ltd.  http://www.lac.co.jp/security/
Phone +81-3-5531-0332 FAX +81-3-5531-0142
*********************************************



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

