Hi Joseph,

There is a macro named NOTSERVER_TCP_PORT that checks whether a port is
allowed to be used by services that negotiate other ports for connecting.
This macro is defined in $FWDIR/lib/base.def.
By default, FW-1 disallows ports less than or equal to 1024 and TCP ports
which are defined as services in the GUI.
Check your info field in log viewer. Look up if the port is one you have
defined in services.
You will need to modify this macro to change the
behaviour. You will need to do this on the management console.
The line which sets up this behavior looks like this:

In FireWall-1 3.x, base.def looks like this:
#define NOTSERVER_TCP_PORT(p) ( p not in tcp_services and p > 1024 )

Change it so it reads:
#define NOTSERVER_TCP_PORT(p) ( p > 1024 )

// ports which are dangerous to connect to
define NOTSERVER_TCP_PORT(p) {
      (not (
             ( p in tcp_services, set sr10 RCODE_TCP_SERV, set sr11 0,
              set sr12 p, set sr1 0, log bad_conn)
         or
             ( p < 1024, set sr10 RCODE_SMALL_PORT, set sr11 0, set sr12 p,
              set sr1 0, log bad_conn)
         )
      )
};

which is changed to:

// ports which are dangerous to connect to
define NOTSERVER_TCP_PORT(p) {
      (not
          ( p < 1024, set sr10 RCODE_SMALL_PORT, set sr11 0, set sr12 p,
           set sr1 0, log bad_conn)
      )
};


Once done, push the policy from the management console to effect the
changes.


Good Luck,

Victor Barrientos
Security Engineer
Tivoli certified Consultant
RSA Security Certified RSA ACE/Server Engineer
Tel: 54-11-4819-3903
Fax: 54-11-4811-7103
  Telefónica
      unifon
www.unifon.com.ar




----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, July 12, 2000 11:21 AM
Subject: [FW1] ftp problem


>
> Greetings,
>
> I have FW-1 ver 4.0 and 4.1 on an NT machine.  I was on Oracle's tech web site
> http://technet.oracle.com/ to download some software.  The web site takes you
> to a page which has a link to their ftp site.  When I click on that link I get a
> read error.  I checked the FW logs and it showed that a packet was rejected by
> rule 0 from the ftp server to client machine.  In the info section of the log it
> stated the reason: tried to open other host port.
>
> Now I was downloading stuff from oracle for a month now with no problems until
> last week.  Then this happened on my FW (ver 4.0), and I just set up a new FW
> (ver 4.1) and I have the same problem.  Anyone know what this problem is and how
> to fix it?
>
> Thank you,
>
> Joe
>
>
> I'm using IE and Netscape to download from oracle on both Windows and Linux
> machines.
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
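As an added illustration (not code from the original posts and not Check Point's own code), the following Python models the decision logic of the stock NOTSERVER_TCP_PORT macro and of the edited version from the reply above, and runs FTP "227 Entering Passive Mode" replies through both. It shows which branch of the macro produces the "tried to open other host port" entry Joe saw in the log, and why dropping the `p in tcp_services` clause changes the result. The `TCP_SERVICES` set and the PASV reply lines are constructed sample values; on a real FireWall-1 this check is evaluated by INSPECT in the kernel, the script only mirrors its decision.

```python
import re

# Constructed sample of the "tcp_services" set: TCP ports that are defined
# as services in the rulebase GUI. A real firewall takes these from its own
# object database; 1521 is included here because it is a commonly defined
# database listener port and makes the RCODE_TCP_SERV branch visible.
TCP_SERVICES = {21, 25, 80, 443, 1521, 8080}

# 227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)  -> port = p1*256 + p2
PASV_RE = re.compile(r"227 .*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(line):
    """Return (host, port) negotiated by an FTP '227' passive-mode reply."""
    m = PASV_RE.search(line)
    if not m:
        raise ValueError("not a PASV reply: %r" % line)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("octet out of range in PASV reply: %r" % line)
    h1, h2, h3, h4, p1, p2 = fields
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def notserver_tcp_port_default(port, tcp_services=TCP_SERVICES):
    """Models the stock 4.x macro: the negotiated port is refused if it is a
    defined TCP service (RCODE_TCP_SERV) or below 1024 (RCODE_SMALL_PORT).
    The tcp_services clause is tested first, as in the macro's 'or'.
    (The 3.x one-liner differs only at exactly port 1024, which it refuses.)"""
    if port in tcp_services:
        return False, "RCODE_TCP_SERV"
    if port < 1024:
        return False, "RCODE_SMALL_PORT"
    return True, None


def notserver_tcp_port_modified(port, tcp_services=None):
    """Models the edited macro from the reply: only the low-port test remains,
    so a data port that happens to match a defined service is now accepted."""
    if port < 1024:
        return False, "RCODE_SMALL_PORT"
    return True, None


def evaluate(pasv_line, macro):
    """Parse a PASV reply and return the macro's verdict for its data port."""
    host, port = parse_pasv_reply(pasv_line)
    allowed, reason = macro(port)
    return {"host": host, "port": port, "allowed": allowed, "reason": reason}


if __name__ == "__main__":
    # Constructed replies: an ordinary high port, a port colliding with a
    # defined service, and a privileged port.
    samples = [
        "227 Entering Passive Mode (192,0,2,10,5,235)",
        "227 Entering Passive Mode (192,0,2,10,5,241)",
        "227 Entering Passive Mode (192,0,2,10,3,232)",
    ]
    for line in samples:
        before = evaluate(line, notserver_tcp_port_default)
        after = evaluate(line, notserver_tcp_port_modified)
        print("port %5d  default: %-16s  modified: %s" % (
            before["port"],
            before["reason"] or "allowed",
            after["reason"] or "allowed"))
```

The second sample is the interesting one: the server offers data port 1521, which is in the constructed service set, so the stock macro refuses it with RCODE_TCP_SERV even though it is above 1024, while the edited macro accepts it. The trade-off is that after the edit, a negotiated data connection to any port above 1023 is accepted, including ports that carry services you have deliberately defined; keep that in mind before pushing the policy.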
