Re: [FW1] FTP Reject: " reason: tried to open up other host port"

[Jerald Josephs]

Title: RE: [FW1] FTP Reject: " reason: tried to open up other host port"

If you modify base.def after you have installed your policy, then your changes to base.def will not be utilized until you reinstall your policy.   If you are unable to reinstall your policy after you make changes to base.def, then your changes to base.def will never be utilized.   --- Jerald Josephs   ----- Original Message ----- From: Dolinar, Jon To: 'Jerald Josephs' ; JRay ; [EMAIL PROTECTED] Sent: Friday, June 02, 2000 6:21 AM Subject: RE: [FW1] FTP Reject: " reason: tried to open up other host port" Has anyone had the problem after they change the base.def they cannot add rules without changing base.def to original adding rule then rechanging base.def? Is this normal? -----Original Message----- From: Jerald Josephs [mailto:[EMAIL PROTECTED]] Sent: Friday, June 02, 2000 8:38 AM To: JRay; [EMAIL PROTECTED] Subject: Re: [FW1] FTP Reject: " reason: tried to open up other host port" The FTP server is not using TCP/20 in the SRC IP field in the packet header for it's responses. I have tried modifying my base.def when running 4.0 and was unsuccessful, so I got the vendor of my FTP server, Gene6, to fix their application and I no longer have this problem. --- Jerald Josephs ----- Original Message ----- From: "JRay" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, June 01, 2000 8:53 PM Subject: [FW1] FTP Reject: " reason: tried to open up other host port" > > Hey all, > > I have FW-1 4.0 on a Nokia 440, with an FTP reject problem using > SecureRemote. Clients will authenticate to the FW ok, start a session where > ftp traffic is passed from the client to the destination server, but when > the server tries to respond then session ends with a ftp reject message. > Rule 0 is the rule it is getting rejected on and the error message reads " > reason: tried to open up other host port" I have tried to alter the > lib/base.def file but the problem still exists. Doe anyone have an answer or > a step by step process of what needs to be altered in and how to do it in > the base.def file in case I'm missing something? > > My thanks in advance. > > > > ============================================================================ ==== >      To unsubscribe from this mailing list, please see the instructions at >                http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== ================================================================================      To unsubscribe from this mailing list, please see the instructions at                http://www.checkpoint.com/services/mailing.html ================================================================================