Try this: vi $FWDIR/lib/base.def
look for the following section: //////////////////////////////////////// #define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>) // // Use this if you do not want the FW-1 module to insist on a newline at the // end of the PORT command: // #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>) ////////////////////////////////////////////// Comment out the first instance and uncomment the second. Recompile the policy, push, test again. Let me know if this helps. Regards, Igor -----Original Message----- From: Folch Serra � Lluis [mailto:[EMAIL PROTECTED]] Sent: Friday, May 17, 2002 6:22 AM To: [EMAIL PROTECTED] Subject: [FW-1] FTP Passive: Firewall rejects packet from FTP Server Hello, I have a problem when a FTP client -from internet- accesses to a FTP Server which is behind FW-1. It seems that FTP Server receives PASV command -issued by client- but FW-1 rejects PORT command issued by Server to the client. In the log viewer appears a REJECT (by rule 0) with the following info.: "reason: tried to open tcp service port, port: xxxxx". I've checked general properties and I see that FTP-PASV Data connections is enabled... and I think that there is no problem with security rules. In the other hand, Active FTP is working fine... Any suggestions?? Have anybody encountered with any problem like that? Regards, Llu�s ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
