Hi

This is a Ver 4.0 SP6 installation.

I currently have it set up with the service defined as type other, with a
match field of "tcp, dport=7270"

The base.def mods are as follows:

set sr10 D, dst = S or set sr10 20, \
record <src,port,dst,sr10,ip_p; ... > in connections \
FTP_TRACK_DATA_CONN (port, sr10, TCP_TIMEOUT)

I am not sure if the D and S should remain as D and S, or should become the
server ip address (172.17.1.10) and destination port (7270).
"You will need to add a check for a connection to server S so that
FireWall-1 can allow the connection to port D (the data port). To do this,
change the lines so they read:"
I am also not sure whether "data port" above is the data port or the destination port.

The "FTP Server" we are trying to connect to accepts FTP connections on Port
7270.

When you then try and transfer a file, it responds on an apparently random
high port (this is actually the client src port +1). This is what was
failing when trying the information above.

Thanks
Mark


-----Original Message-----
From: Robert MacDonald [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 13, 2000 3:17 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [FW1] FTP of different ports


Mark,

Can you supply us with a little more info? What FW
ver (appears to be v4.0)? What service pack?
What does your log say is happening? PASV?

Based on your stated confusion with Dameon's
documentation, did you add the actual port
number, or did you enter 'desired_port'?

Robert

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

>>> "Mark van Gelder" <[EMAIL PROTECTED]> 6/13/00 7:36:40 AM >>>
>
>Good Day
>
>I am trying to allow outbound FTP on one of our FW-1 modules on port 7270.
>This is required as part of an existing interbank data transfer (so I have
>no control over the port).
>
>I have followed the advice on Phoneboy's site, but still cannot get the
>connection to work. It appears that the data connection is being rejected.
>
>Has anyone got this working, and if so can you share what you had to do?
>
>The Phoneboy article is a bit confusing, as it is not clear on whether the
>"desired_port" should actually read "desired_port" or 7270, and the same
>goes for the inspect code changes for base.def.
>
>I look forward to any help.
>
>Thanks
>mark




================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================