I may also have just run into this problem since I am starting to get the
same type of message, rejected under Rule 0. But it happens only when
ftp goes out to one machine (only outbound, not inbound), and not even for
other machines on that subnet. And it happens about 10% of the time to
that troublesome machine. Perhaps this server has defined a bad pool of
ports to use?
Is this the expected pattern seen in this problem, or should I look further?
How are the tcp_services defined? Some of the blocked ftp sessions were to
services defined in FW-1, but some were to services defined only in
/etc/services on Nokia. I picked two blocked ports, and both appear in the
tcp_services table, but one is a FW-1 definition and the other is a Nokia
definition. There are only 95 values in the table, a little over 1/3 of my
FW-1 defined services, and about 5% of those defined in /etc/services.
Phoneboy's FAQ has fixes that seem to indicate they will be utilized for
incoming ftp sessions, but I am allowing outbound ftp from my end without
any restrictions.
Can anyone cast light upon this?
Thanks,
hermit1
At 12:30 PM 6/20/00 -0500, Jason Witty wrote:
>Ralf,
>
>This is a very common problem, which has been mentioned several times in
>this list. The fix can be found at
>http://www.phoneboy.com/fw1/faq/0106.html . Hope this helps!
>
>Jason
>http://www.wittys.com
>http://www.securitystats.com
>
>Ralf Günthner wrote:
> >
> > Anybody got any idea what this is:
> > reason: tried to open tcp service port, port: vosaic-ctrl
> > The connection was dropped, but this is somehow different from other
> > stuff we drop?!
> >
> > Thanks
> > Cheers
> > Ralf G.
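The thread implies that FW-1 refuses an FTP data connection when the port negotiated in a PASV reply or PORT command is one that appears in its tcp_services table, which is why hermit1 sees roughly one in ten sessions to a server with an unlucky ephemeral port pool dropped. The following is an added example (not code from the thread, Check Point, or Phoneboy's FAQ) that reproduces that check on constructed FTP control-channel lines and estimates how often a given ephemeral pool would collide. The tcp_services entries and the sample lines are constructed for the example; the port numbers are the usual /etc/services assignments, and the assumption that the check is a simple membership test against the service table is mine.

```python
import re

# Constructed tcp_services table for the example. The real FW-1 table in the
# thread had 95 entries; port numbers here follow /etc/services.
TCP_SERVICES = {
    "ftp": 21, "ssh": 22, "smtp": 25, "http": 80, "pop3": 110,
    "vosaic-ctrl": 1236,   # the service name from Ralf's log line
    "ms-sql-s": 1433, "nfs": 2049, "mysql": 3306,
}
PORT_TO_NAME = {port: name for name, port in TCP_SERVICES.items()}

# PASV reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")
# Active-mode PORT command from the client: "PORT h1,h2,h3,h4,p1,p2"
PORT_RE = re.compile(r"^PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)", re.I)


def parse_data_port(line):
    """Return (host, port) negotiated by a PASV reply or PORT command, else None.

    The port is encoded as two bytes: port = p1 * 256 + p2.
    """
    m = PASV_RE.search(line) or PORT_RE.match(line.strip())
    if not m:
        return None
    h1, h2, h3, h4, p_hi, p_lo = (int(x) for x in m.groups())
    return f"{h1}.{h2}.{h3}.{h4}", p_hi * 256 + p_lo


def check_data_connection(line, services=PORT_TO_NAME):
    """Assumed FW-1 behaviour: drop a data connection whose port is a defined service.

    Returns ("drop", port, service_name), ("accept", port, None) or
    ("ignored", None, None) for lines that negotiate no data port.
    """
    parsed = parse_data_port(line)
    if parsed is None:
        return ("ignored", None, None)
    _host, port = parsed
    if port in services:
        # This is the case logged as "tried to open tcp service port"
        return ("drop", port, services[port])
    return ("accept", port, None)


def collision_count(low, high, services=PORT_TO_NAME):
    """How many ports of an ephemeral pool [low, high] land on a defined service.

    Returns (hits, pool_size); hits / pool_size is the expected drop rate if the
    server picks data ports uniformly from that pool.
    """
    hits = sum(1 for p in range(low, high + 1) if p in services)
    return hits, high - low + 1


# Constructed control-channel lines, as seen on the FTP command connection.
SAMPLE_LINES = [
    "227 Entering Passive Mode (10,1,2,3,4,212)",    # 4*256+212 = 1236 -> vosaic-ctrl
    "227 Entering Passive Mode (10,1,2,3,15,160)",   # 15*256+160 = 4000 -> not a service
    "PORT 192,168,0,5,12,226",                       # 12*256+226 = 3298 -> not a service
    "PORT 192,168,0,5,5,153",                        # 5*256+153 = 1433 -> ms-sql-s
    "230 Login successful.",                         # no data port negotiated
]


def audit(lines=SAMPLE_LINES):
    """Run the check over every line and return the verdicts in order."""
    return [check_data_connection(line) for line in lines]


if __name__ == "__main__":
    for line, verdict in zip(SAMPLE_LINES, audit()):
        print(f"{verdict[0]:8} {line}  ->  {verdict[1:]}")
    hits, size = collision_count(1024, 5000)
    print(f"pool 1024-5000: {hits} of {size} ports are defined services")
```

To diagnose the case in the thread, feed the real PASV/PORT lines from the failing sessions to `check_data_connection` and compare the dropped ports against the tcp_services dump; a pool that overlaps many defined services (the `collision_count` figure) is the "bad pool of ports" hermit1 suspects.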
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================