[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Firewall1 kills ftp-Session
-----BEGIN PGP SIGNED MESSAGE----- Hi Mailinglist, we are using here a Check Point FW-1 SP3 on a Redhat Linux 6.2 (Pentium III 650MHz, 128MB RAM, 2 NICs with Realtek RTL8139 chipset). When one of our customer tries to update his website (1800 file, ca. 65MB), which is located on one of our servers (protected by the questioned firewall), his ftp connection is dropped sometimes. When this happens you will see an entry in the firewall log with a reject caused by rule 0 and a remark in the info field like "reason: tried to open tcp service port, port: <XYZ>", where <XYZ> is either a service name like "Openwindows" or a portnumber. Source of this reject is server:ftp, destination is client:<random portnumber >1024>, this <random portnumber >1024> is in most cases a number >60000. This seems to be a common problem, since i found answers to it in some FAQs (e.g. http://www.phoneboy.com/) on the net, but sadly none of the answers/solutions worked for me. What i've tried: - - Deleted all defined tcp ports > 1024 (except some FW1 specific ports, because FW1 would complain when installing the rulebase) - - Changed the file $FWDIR/lib/base.def as supposed in http://www.phoneboy.com/fw1/faq/0106.html Any ideas on this? Thanks in advance, Christoph Stoppe - -- /-------------------------------------------------------------\ | a d e s s o AG | Fon :| | Stockholmer Allee 24 | Fax :| | 44269 Dortmund | eMail: [email protected] | \-------------------------------------------------------------/ -----BEGIN PGP SIGNATURE----- Version: PGP 6.5.8 iQEVAwUBOmwEdFj9mggARG+fAQFvgAf+Ost5G4t0MBcQz6C0VSMQPuA3+JBcni2D wYpJ8r0T6690l+jMaFuzbtTcdNpYRtnTZcgAmiCGeivW1WgD32LnPQ5n8ql6qG3l MKQ+6IRwGjjb2UKJH2olLClSPICt+SRuxoXUQAPoXtBScVmatqH95MeIzvkPP6fK CzLxCgz4uObvRrMjmi1icZAM639OTo8RopUvHsR1jle8NbRVLOsYFZ+ZvbHGS+MJ cvnLVyfMS8mBhNt3DY1y7D9iVj8R6z24FIJeATP6x247NoqFJe/rP0g2EkvHo4ja J/+uZTZuh/QqWs6Jx2GW7pv3DovZItKscZA6Kr1RPXZ2lA+uwEV8dg== =lbEc -----END PGP SIGNATURE----- ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|