RE: [FW1] Restrictions of FTP data connection by FW1

Mon, 26 Feb 2001 07:46:50 -0800

Title: Restrictions of FTP data connection by FW1
Both are "enabled".  I tried to edit "base.def" by following "phoneboy's" instructions but that didn't work either.  The code apparently had some errors in it (wasn't successful in debugging it).  I also created the following rule:
 
Source        Destination        Service            Action
internal        external             ftp-high-port    accept                        where "ftp-high-port" has the following in
                                                                                                   match field:    tcp, dport >= 1024, dport <= 65535
 
Should I modify this rule so that instead of internal I have outside-firewall-interface?...
 
I was a bit confused so just to cover all the bases I created another rule for testing purposes with reversed Source/Destination.
 
I am still not able to establish a data connection form any of the internal boxes but when I try to FTP from the actual firewall itself, everything goes okay.  How come the firewall is not having any of these problems?
 
Thanks

Keyvan
-----Original Message-----
From: Larry Pingree [mailto:[EMAIL PROTECTED]]
Sent: Friday, February 23, 2001 7:16 PM
To: KMoussavi; FW ListServ (E-mail)
Subject: Re: [FW1] Restrictions of FTP data connection by FW1

Make certain you have the following selected in Policy---->Properties----->Services
"Enable FTP Port Data Connections"
and
"Enable FTP PASV Data Connections"
 

-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
Larry Pingree
Sr. Security Consultant
Email: [EMAIL PROTECTED]
 
SiegeWorks
Company WebSite: http://www.siegeworks.com/
Security Installation, Training and Consulting
-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
----- Original Message -----
From: KMoussavi
Sent: Friday, February 23, 2001 1:37 PM
Subject: [FW1] Restrictions of FTP data connection by FW1

I have discovered that my FW1 is blocking ftp data connections.  I do not have any problems with the control connections but when I try to retrieve data from a remote host, that return connection gets blocked by the firewall.  How do I resolve this?

Many thanks

Keyvan

Reply via email to