Title: RE: [FW1] MS FTP behind NAT
Try using one of the many shareware FTP clients as a test.  We bumped into this issue before and it seems to only occur when we're using the MS FTP client.  We've never been able to pin down what is wrong, but changing FTP clients seems to "fix" the problem...
-----Original Message-----
From: Glenn Mabbutt [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, July 04, 2001 1:14 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [FW1] MS FTP behind NAT

Sorry, I meant to say that the "FTP-PASV" option was in fact checked on both firewalls (recall 1 worked, 1 doesn't), as is the "FTP-PORT" option on both firewalls.  There were some suggestions in previous postings that disabling those options made them work?? so I tried that on the firewall that doesn't work, but still no luck.  Any other ideas??

Thanks,
Glenn

-----Original Message-----
From: Reed Mohn, Anders [mailto:[EMAIL PROTECTED]]
Sent: Friday, June 29, 2001 4:00 AM
To: 'Glenn Mabbutt'; '[EMAIL PROTECTED]'
Subject: RE: [FW1] MS FTP behind NAT



There are multiple suggestions on solving such problems
in the list archives (http://www.securepoint.com).
 
Try enabling passive-mode FTP on the FW.
(Under Policy->Properties)
 
 
Cheers,
Anders :)
 
 
 

-----Original Message-----
From: Glenn Mabbutt [mailto:[EMAIL PROTECTED]]
Sent: 28 June 2001 00:23
To: '[EMAIL PROTECTED]'
Subject: [FW1] MS FTP behind NAT



I'm having a rather irritating problem:  someone behind one of our FW-1
firewalls has to use Microsoft's command-line FTP (from win98, win2k, and
winnt) as part of a batch script (I know it's junk, but the scripter won't
use anything else).  I tried it behind a different FW-1, and it worked.
Here is the common configuration between the 2 firewalls:

- FW-1 4.1 on NT sp 6a
- hosts are being NATted, the test PC's are statically mapped to valid IP's
(doing it without the static NAT gives a host of errors)

- ftp is enabled in the rulebase for outbound connections

Here's what's different between the 2 firewalls (firewall A functions
properly, firewall B does not):

- firewall A is running FW-1 service pack 2, firewall B is running FW-1
service pack 3

- SYNDefender is set to "none" on firewall A and is set to "passive gateway"
on firewall B

- under "logs and alerts" in Policy > Properties, "log established TCP
connections" is checked on firewall A and is unchecked on firewall B.

Those are the only differences I can find.  What happens when I try to
connect to an ftp server behind firewall B is that I can log in, but when I
try to do a directory listing or cd to a directory I get an error saying
"invalid port command" - no such error from behind firewall A.

Any suggestions??

thanks,
Glenn
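
Added example, not part of the thread and not Check Point's or any poster's code: a Python check for one common cause of an FTP server answering "invalid port command" behind NAT, namely a PORT command whose embedded address was not rewritten to the translated address the server sees. The thread does not establish that this is the cause on firewall B; the captured lines and addresses are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 -> four address octets, then two port bytes.
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})$", re.IGNORECASE)
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(line):
    """Return (IPv4Address, port) from one PORT command line."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a well-formed PORT command: %r" % line)
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range: %r" % line)
    ip = ipaddress.IPv4Address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]

def check_port(line, translated_src):
    """Compare the address inside PORT with the source the server sees."""
    ip, _port = parse_port(line)
    if ip == ipaddress.IPv4Address(translated_src):
        return "ok"
    if any(ip in net for net in RFC1918):
        # NAT changed the IP header but not the FTP payload.
        return "unrewritten-private"
    return "mismatch"

# Constructed sample: control-channel lines as captured outside the firewall,
# paired with the statically NATted source address (documentation range).
SAMPLES = [
    ("PORT 203,0,113,10,4,210", "203.0.113.10"),
    ("PORT 192,168,1,10,4,210", "203.0.113.10"),
    ("PORT 203,0,113,99,4,210", "203.0.113.10"),
]

if __name__ == "__main__":
    for line, src in SAMPLES:
        print(line, "->", check_port(line, src))
```

Run against control-channel lines captured on the outside interface of each firewall, a difference in the result between firewall A and firewall B would show whether the PORT payload is being translated along with the packet header.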



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
