AW: [FW1] reason: tried to open tcp service port
Whenever an ftp-connection tries to open a port that the firewall knows as a service, the connection is blocked with exactly the message you have in your logs. Checkpoint says there are several things you can do (and it works since I had the same problems):

1. Delete the FireWall-1 service(s) that are causing the problem. This is the easiest solution, but is not always feasible. (Below you can find the list of pre-defined high-port TCP services.)

2. Delete the FireWall-1 service(s) that are causing the problem, and recreate them as a service type of 'Other'. That way FireWall-1 will not see them as known TCP services. Please see this link for information on how to do this: How to manually define a TCP port range

3. Perform a base.def modification to keep FireWall-1 from comparing against these known services. Always back up any file before modifying it, and make sure you use a UNIX based editor such as VI to edit this file. NT editors place carriage return / line feeds at the end of the text. If you are using the base.def on an NT machine, use edit.com from the command prompt rather than Notepad or Wordpad. Make this modification on the Management server to your $FWDIR/lib/base.def, then stop/start the FireWall, and re-install the rulebase.

<base.def> original:

    // ports which are dangerous to connect to
    define NOTSERVER_TCP_PORT(p) {
        (not (
            ( p in tcp_services, set sr10 RCODE_TCP_SERV, set sr11 0, set sr12 p, set sr1 0, log bad_conn)
            or
            ( p < 1024, set sr10 RCODE_SMALL_PORT, set sr11 0, set sr12 p, set sr1 0, log bad_conn)
        ) )
    };

is changed to:

    // ports which are dangerous to connect to
    define NOTSERVER_TCP_PORT(p) {
        (not ( p < 1024, set sr10 RCODE_SMALL_PORT, set sr11 0, set sr12 p, set sr1 0, log bad_conn) )
    };

You need to re-install the policy for the changes to take effect.
List of pre-defined high-port TCP services:

    1235         vosaic-ctrl
    1352         lotus
    1494         Winframe
    1503         T.120 (NetMeeting)
    1521         sqlnet
    1525-1526    sqlnet2
    1570-1571    Orbix
    1720         H323 (iphone)
    1723         pptp
    1755         NetShow
    2000         OpenWindows
    2049         nfsd-tcp
    2299         PCtelecommute
    2626         AP-Defender, AT-Defender
    2649,2651    IIOP
    2998         RealSecure
    5190         AOL
    5510         SecurID-prop
    5631         PCanywhere
    6000-6063    X11
    6499         IS411
    6660-6670    IRC
    7000         IRC2
    7070         RealAudio
    12468-12469  WebTheater
    16384        ConnectedOnline
    18181-18184  CVP, UFP, SAM, LEA
    18187        ELA

Timo

-----Original Message-----
From: Brian Noecker [mailto:[email protected]]
Sent: Saturday, 27 January 2001 19:34
To: '[email protected]'
Subject: [FW1] reason: tried to open tcp service port

I'm getting some weird FTP issues that maybe someone can help with. We've got an application that does an FTP upload to a remote server. This process usually works fine with the current FW rules but we've been seeing the following lately on one application server in the log:

    Reject rule 0 ftp (destination port) 1344 (s_port) Info: reason: tried to open tcp service port, port:lotus

I've seen this with the port:lotus, port: vosaic-ctrl, port: nfsd-tcp. I checked the network services lotus, which is listed as port 1352.

Out of multiple FTP sessions, this only happens a few times, but we have been able to catch a connection closed, when doing a manual ftp, looking around, and then doing a ls or other random command.

Ideas? Thanks ahead of time.

Brian

-----Original Message-----
From: Michael Liberte [mailto:[email protected]]
Sent: Friday, January 26, 2001 3:06 PM
To: 'Mark Squire'; '[email protected]'
Subject: RE: [FW1] Rainwall

Rainwall, even the latest version, isn't very good in load balancing VPNs. It does load balancing for SR, however, it can do only load SHARING for site-to-site VPNs. It works well on NT and Solaris, Linux support still needs some improvements. Rainwall is OPSEC-compliant, it can send logs to ELA proxy, but has its own management tools.

Cheers,
Michael.

-----Original Message-----
From: Mark Squire [mailto:[email protected]]
Sent: Friday, January 26, 2001 10:51 PM
To: '[email protected]'
Subject: [FW1] Rainwall

Hi all,

So now I am curious. Have any of you set up your firewalls redundantly using Rainwall? Did you use VPN and SecuRemote? If so I would like to ask you some questions (I sound like a Jenny Jones commercial about security).

1. If you have used this product, what do you think about how well it handles VPN load balancing?
2. What about load balancing of the rest of the traffic?
3. What platform do you use (ie NT, AIX)?
4. How well, and how does it work with Checkpoint? Does it work through the policy editor somehow?

I would be very interested in any experiences any of you can share about Rainwall.

C:\Mark

================================================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
================================================================================
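To make the effect of Timo's base.def change concrete, here is an added Python model of the NOTSERVER_TCP_PORT check in its original and modified forms (not code from the post or from Check Point). It parses the high-port service table quoted in the reply and reports which data ports announced by an FTP client each version would reject; the sample ports are constructed, and only the high-port table is modelled.

```python
"""NOTSERVER_TCP_PORT check from the base.def excerpt, modelled in Python.
Added example, not code from the post or from Check Point; the service
table and reason text come from the thread, the sample ports are made up."""
# High-port services quoted in the reply, one 'ports name' entry per ';'.
PREDEFINED_HIGH_PORTS = """
1235 vosaic-ctrl; 1352 lotus; 1494 Winframe; 1503 T.120 (NetMeeting);
1521 sqlnet; 1525-1526 sqlnet2; 1570-1571 Orbix; 1720 H323 (iphone);
1723 pptp; 1755 NetShow; 2000 OpenWindows; 2049 nfsd-tcp; 2299 PCtelecommute;
2626 AP-Defender, AT-Defender; 2649,2651 IIOP; 2998 RealSecure; 5190 AOL;
5510 SecurID-prop; 5631 PCanywhere; 6000-6063 X11; 6499 IS411; 6660-6670 IRC;
7000 IRC2; 7070 RealAudio; 12468-12469 WebTheater; 16384 ConnectedOnline;
18181-18184 CVP, UFP, SAM, LEA; 18187 ELA
"""

def parse_services(table):
    """Expand 'lo-hi name' ranges and 'a,b name' lists into {port: name}."""
    services = {}
    for entry in table.replace("\n", " ").split(";"):
        entry = entry.strip()
        if not entry:
            continue
        spec, name = entry.split(None, 1)
        for part in spec.split(","):
            lo, _, hi = part.partition("-")
            for port in range(int(lo), int(hi or lo) + 1):
                services[port] = name
    return services

TCP_SERVICES = parse_services(PREDEFINED_HIGH_PORTS)

def notserver_tcp_port_original(p):
    """Original macro: bad if p is a known TCP service or p < 1024.
    Only the high-port table is modelled; the real tcp_services set also
    holds the low ports, which the second test catches anyway."""
    if p in TCP_SERVICES:
        return False, "tried to open tcp service port, port:" + TCP_SERVICES[p]
    if p < 1024:
        return False, "small port"
    return True, None

def notserver_tcp_port_modified(p):
    """Modified macro from the reply: only the p < 1024 test survives."""
    if p < 1024:
        return False, "small port"
    return True, None

def rejected_data_ports(ports, check):
    """Return (port, reason) for each FTP data port the check would block."""
    return [(p, reason) for p in ports for ok, reason in [check(p)] if not ok]

SAMPLE_PORTS = [1344, 1352, 2049, 1235, 4000, 6060]  # constructed PORT-command ports
```

Running `rejected_data_ports(SAMPLE_PORTS, notserver_tcp_port_original)` reproduces the "port:lotus" reason from Brian's log for 1352, while the modified check passes every port above 1023.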