[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] ftp server using random high ports
Read up on PASV FTP and PORT FTP. Enable those in your rulebase properties and you shouldn't have that problem. I usually only enable PORT. Also check to see how your FTP client requests that information. Usually you will see it say something like DATA TRANSFER [PORT OR PASV] when you ls or download a file. Cheers, Jamie -----Original Message----- From: Ivan Fox [mailto:[email protected]] Sent: Tuesday, December 19, 2000 9:07 PM To: fw-wiz; Fw1-Wizards (E-mail); fw-1-mailinglist (e-mail) Subject: [FW1] ftp server using random high ports some users need to access an external ftp server. they can access to the server using regular port 20, 21. However, when they try to "ls" or "dir", nothing comes up. Firewall-1 log shows that the ftp server coming back using random high ports! Is it typical/common for ftp's returning traffic using random high ports instead of port 21? Is there any implication to allow the ftp server coming back through random high ports? Any comments/input are appreciated. Ivan ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== The information transmitted by the following E-Mail is intended only for the addressee and may contain confidential and/or privileged material. Any interception, review, retransmission, dissemination, or other use, or taking any action upon this information by persons or entities other than the intended recipient is prohibited by law and may subject them to criminal or civil liability. If you received this communication in error, please contact us immediately atext. 3600 and delete the communication from any computer or network system. ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|