Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] FTP on 521 and 520. HELP !!!

To: [email protected]
Subject: [FW1] FTP on 521 and 520. HELP !!!
From: "Glover, Duke" <[email protected]>
Date: Tue, 12 Sep 2000 16:10:31 -0400
Sender: [email protected]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

FW-1 3.0b VPN 3083
Solaris 2.6

Here's the problem.  We have users that FTP (21 and 20), via command
line and via applications, through the FW with no problem.  We now
have a requirement for an application to FTP through the FW on ports
521 and 520.  I tried a couple of different/simple changes, like
creating TCP Services on ports 521 and 520 to no avail.  The
connection is initiated and there is an accept in the FW log viewer. 
I can also snoop the interfaces and see the traffic arriving at the
FW during the initial connection and also the returning to the FW
from the FTP Server.

The problem comes when you try to do a directory listing.  I am
assuming this is the equivalent of an FTP DATA connection, ie. port
20, or in our case port 520.  Anyway, it will basically just time out
with an application specific error message.  Let me point out that
the application (WS FTP Pro) works fine when using ports 21 and 20.

After some research it appears that when FW-1 sees and FTP connection
coming through it looks in the base.def file to determine which port
to allow the FTP DATA connection on.  This file is setup to allow
this connection on port 20.

Can anyone verify if this is correct ?  And does anyone know of a
work around so that we can use ports 520 and 521.  I guess we could
edit the base.def file, but then I imagine that would break all of
the normal (21 and 20) FTP connections.

Any help is appreciated.

AtDhVaAnNkCsE,

Duke Glover
desk =page [email protected]
Verizon / Enterprise Information Protection Services

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOb6ODc7V4zbKN7lqEQK4NACdFuPCHmZtZDSIgGdPPyQLvmVpAX4AoKV1
4q3A7yS4eC1HW4SVqcdxTezi
=Xn0y
-----END PGP SIGNATURE-----


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Tracks Napster
Next by Date: [FW1] anyone on sp2 on nt?
Previous by thread: RE: [FW1] [FW-1] Solution for Dr.Watson (0xc0000005) - VPN-1 4.1 SP2
Next by thread: [FW1] anyone on sp2 on nt?
Index(es):
- Date
- Thread