[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] ftp problems
I have already applied both these fixes and normal-mode FTP is still not working. Running snoop on the firewall confirms that the FTP sessions that are failing do have \r\n at the end of each line, so it appears something else is going on. Are you using passive FTP only? Regards, Steve >>> Andrew Fullagar <[email protected]> 13/09/00 15:54:28 >>> as far as I know - if you use both these checkpoint solutions and apply both of them together, should fix the problem - let me know if it does Solution: FTP to specific servers fails (10043.0.982) Edit the $FWDIR/lib/base.def file to allow FTP headers without "\r\n": 1. Stop FireWall-1 (fwstop) 2. Edit the /$FWDIR/lib/base.def 3. Mark out the following line: #define FTP_ENFORCE_NL to: //#define FTP_ENFORCE_NL 4. Start FireWall-1 (fwstart) 5. Re-install the policy Note for Solutions to other problems arising from an upgrade to FireWall-1 4.0 SP6, see FTP to some servers fails <solutionarea.asp?id=10043%2E0%2E7802303%2E2713413> Problem Description FTP to specific servers fails See the problem environment. <solutionarea.asp?togglefacts=1&id=74ef36ae-8786-11d4-bce3-080020cf9075&reso urce=> See the cause. <solutionarea.asp?togglecause=1&id=74ef36ae-8786-11d4-bce3-080020cf9075&reso urce=> See changes that affect this problem. <solutionarea.asp?togglechange=1&id=74ef36ae-8786-11d4-bce3-080020cf9075&res ource=> Comment on this Solution <JavaScript: startnow();> Copyright ©1996-2000 Primus Knowledge Solutions, Inc. All Rights Reserved. Solution Content Copyright ©2000 Check Point Software Technologies Inc. All Rights Reserved. Solution: FTP to some servers fails (10043.0.982) Edit the /$FWDIR/lib/base.def file to allow this behavior: 1. Stop the FireWall (fwstop) 2. Edit the $FWDIR/lib/base.def: Change it from: #define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>) // // Use this if you do not want the FireWall module to insist on a newline at the // end of the PORT command: // #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>) To: //#define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>) // // Use this if you do not want the FireWall module to insist on a newline at the // end of the PORT command: #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>) (The change is to comment the first line, and uncomment the last one) 3. Start the FireWall (fwstart) 4. Re-install the policy Note- for Solutions to other problems arising from an upgrade to FireWall-1 4.0 SP6, see FTP to specific servers fails <solutionarea.asp?id=10043%2E0%2E7772541%2E2711982> Problem Description FTP to some servers fails See the problem environment. <solutionarea.asp?togglefacts=1&id=bba89c20-8786-11d4-bce3-080020cf9075&reso urce=> See the cause. <solutionarea.asp?togglecause=1&id=bba89c20-8786-11d4-bce3-080020cf9075&reso urce=> See changes that affect this problem. <solutionarea.asp?togglechange=1&id=bba89c20-8786-11d4-bce3-080020cf9075&res ource=> Comment on this Solution <JavaScript: startnow();> Copyright ©1996-2000 Primus Knowledge Solutions, Inc. All Rights Reserved. Solution Content Copyright ©2000 Check Point Software Technologi andrew Internet Security Engineer (CCA,CCSA,CCSE,CCNA) Gigabytes Inc. Tel:Fax:(toll free) Cel:================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|