NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Firewall1 kills ftp-Session



-----BEGIN PGP SIGNED MESSAGE-----

Hi Mailinglist,

we are using here a Check Point FW-1 SP3 on a Redhat Linux 6.2
(Pentium III 650MHz, 128MB RAM, 2 NICs with Realtek RTL8139 chipset).

When one of our customer tries to update his website (1800 file, ca.
65MB), which is located on one of our servers (protected by the
questioned firewall), his ftp connection is dropped sometimes. When
this happens you will see an entry in the firewall log with a reject
caused by rule 0 and a remark in the info field like "reason: tried
to open tcp service port, port: <XYZ>", where <XYZ> is either a
service name like "Openwindows" or a portnumber. Source of this
reject is server:ftp, destination is client:<random portnumber
>1024>, this <random portnumber >1024> is in most cases a number
>60000.

This seems to be a common problem, since i found answers to it in
some FAQs (e.g. http://www.phoneboy.com/) on the net, but sadly none
of the answers/solutions worked for me. What i've tried:

- - Deleted all defined tcp ports > 1024 (except some FW1 specific
ports, because FW1 would complain when installing the rulebase)
- - Changed the file $FWDIR/lib/base.def as supposed in
http://www.phoneboy.com/fw1/faq/0106.html

Any ideas on this?

Thanks in advance,

Christoph Stoppe
- -- 
/-------------------------------------------------------------\
| a d e s s o  AG              | Fon  :|
| Stockholmer Allee 24         | Fax  :|
| 44269 Dortmund               | eMail: [email protected]      |
\-------------------------------------------------------------/

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8

iQEVAwUBOmwEdFj9mggARG+fAQFvgAf+Ost5G4t0MBcQz6C0VSMQPuA3+JBcni2D
wYpJ8r0T6690l+jMaFuzbtTcdNpYRtnTZcgAmiCGeivW1WgD32LnPQ5n8ql6qG3l
MKQ+6IRwGjjb2UKJH2olLClSPICt+SRuxoXUQAPoXtBScVmatqH95MeIzvkPP6fK
CzLxCgz4uObvRrMjmi1icZAM639OTo8RopUvHsR1jle8NbRVLOsYFZ+ZvbHGS+MJ
cvnLVyfMS8mBhNt3DY1y7D9iVj8R6z24FIJeATP6x247NoqFJe/rP0g2EkvHo4ja
J/+uZTZuh/QqWs6Jx2GW7pv3DovZItKscZA6Kr1RPXZ2lA+uwEV8dg==
=lbEc
-----END PGP SIGNATURE-----


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.