Re: [FW1] Fw: unknown established tcp packet

Sat, 28 Jul 2001 00:03:05 -0700 


> Dorny wrote:
> 
> Once again another e-mail titled unknown established tcp packet.  I
> have
> looked through the list but I was not able to find a definitive
> solution for
> this error.  Here is my problem after applying the latest check point
> service pack (SP4) I began seeing my logs fill up with dropped packets
> by
> rule 0 with the unknown TCP error.  Now I have customers telling me
> that
> they cannot ssh, run restores, ect through their firewalls which upon
> further investigation I noticed that all the packets were being
> dropped by
> rule 0.  I am also seeing lots of in-bound packet to customer web
> sites
> being dropped by rule 0 with the same error.  None of this was
> happening
> when I was at SP 1 or 2.  Anyone out there have a solution for
> this????
> 
> --Richard Dornhart
> 

Unfortunately, i have no solution, but i want to say
that i meet same problem this week.

Last week i have installed SP4 version of FW1 (Version 4.1 Build 41862)
.
It worked fine during one week untill i added  in $FWDIR/lib/init.def 
        #define FTP_CONTROL_TIMEOUT 30

I tried this because of FTP exchange through the FW1   
and an ISDN link behind, which fails before ISDN link is mounted.

        Connected to fw.
        220 aftpd:Check Point FireWall-1 Secure FTP server running on fw1
        331 aftpd: FireWall-1 password: you can use password@FW-1-password
        413-aftpd:User datalink authenticated by FireWall-1 authentication
        413 aftpd:Connection to xxx.xxx.xxx.xxx failed
        Login failed.
        421 Service not available, remote server has closed connection
        Not connected.

When ISDN link is up, some seconds later, i am able to connect to the
site with FTP.

As the modification of $FWDIR/lib/init.def did not fix this ISDN
problem,
i restaured the original file, and since this time i am unable
to connect to an FTP server on  DMZ,
getting the   "rule 0 reason: unknown established TCP packet" message.

Any suggestion will be welcome.

-- Bernard RAOUL.


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to