Thanks a lot for the suggestions about my ftp problem.
i really appreciate you, ladies and gentlemen.
now, it works great.
here is what i've got:
first, the problem was fixed by editing /$FWDIR/lib/base.def
as suggested.
second, as [EMAIL PROTECTED] wrote, my ftp server was
not appropriate, too.
when i tried to integrate another firewall environment with another
ftp server as a test, that did work, well.
then, i got original /$FWDIR/lib/base.def back in original place with
another ftp server. it did work.
anyways, thanks a lot and i appreciate with regards.
and sorry about taking your time.
if i could, i would like to know what number of RFC i did not follow,
that is what i should check by myself, though.
thanks!!
On Mon, 26 Feb 2001 12:36:40 -0600
[EMAIL PROTECTED] wrote:
> Keigo, I had to make the following changes (unfortunately, one at a time),
> in order to get FTP to work for all of the situations that it didn't work
> out of the box. As I understand it, these fixes are necessary because the
> FTP server that you are trying to get to does not strictly follow RFC
> standards.
>
> ---------------------------------------------------------------------
> To not force the newline of FTP modify /$FWDIR/lib/base.def as follows:
> - comment out the following line by adding 2 slashes to the beginning:
> #define FTPPORT(match) (call KFUNC_FTPPORT <0x1|(match)>)
> - uncomment the following line by removing the slashes at the beginning
> // #define FTPPORT(match) (call KFUNC_FTPPORT <(match)>)
> ---------------------------------------------------------------------
> To allow High ports with FTP modify /$FWDIR/lib/base.def as follows:
> Replace the following:
> // ports which are dangerous to connect to
> define NOTSERVER_TCP_PORT(p) {
> (not
> (
> ( p in tcp_services, set sr10
> RCODE_TCP_SERV,set sr11 0,
> set sr12 p, set sr1 0, log bad_conn)
> or
> ( p < 1024, set sr10 RCODE_SMALL_PORT, set
> sr11 0, set sr12 p,
> set sr1 0, log bad_conn)
> )
> )
> };
>
> with:
> // ports which are dangerous to connect to
> define NOTSERVER_TCP_PORT(p) {
> (not
> ( p < 1024, set sr10 RCODE_SMALL_PORT, set sr11 0, set sr
> set sr1 0, log bad_conn)
> )
> };
> ---------------------------------------------------------------------
> Problem: FTP gets Network Error: Connection reset by peer
>
> See http://www.checkpoint.com/techsupport/alerts/pasvftp.html
>
> comment out the line: #define FTP_ENFORCE_NL in $FWDIR/lib/base.def
> ---------------------------------------------------------------------
>
> -----Original Message-----
> From: Keigo Hanaoka [mailto:[EMAIL PROTECTED]]
> Sent: Monday, February 26, 2001 2:28 AM
> To: [EMAIL PROTECTED]
> Subject: [FW1] Help!! Simple FTP Problem
>
>
>
>
> Can anyone tell me how i can deal with
> simple FTP connection via FW1-v4.1 SP 3 (on AIX) ??
>
> This was like a duplicated question, but probably
> my case would be simpler.
>
> FTP server is on DMZ, FTP clients are in both
> internal network and Internet.
> FTP server itself should be no problem because
> another machine on DMZ is able to connect with ftp.
>
> it would be a problem when ftp was going through the FW1.
>
> i am trying FTP connection from Internet (or internal) side
> towards DMZ, and the first connection
> (which means just connect to the server,)
> is no problem.
> when the server is trying to reply to the client, the Firewall
> drops the connection based on rule zero!!
> the client cannot log in, that is..,
> it dropped before the ftp control would be established.
>
> i checked that both "Enable FTP Port" and "Enable
> FTP PASV" are checked, on the "service" of "Properties Setup."
>
> Address translation would be quite simply set.
>
> ANY FTP(Global)------>ANY FTP(Private)
> ANY FTP(Private)----->ANY FTP(Global)
>
> Also, the current policy is just:
>
> Source   Destination            Service
>
> ANY      FTP_server(Global IP)  ftp      accept
> ANY      ANY                    ANY      Drop
>
> Please help me!!
> appreciate with regards
*********************************************
Keigo Hanaoka <[EMAIL PROTECTED]>
e-business Infrastructure Integration Div.
Unauthorized Access Countermeasures Dept.
LAC Co.,Ltd. http://www.lac.co.jp/security/
Phone +81-3-5531-0332 FAX +81-3-5531-0142
*********************************************
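
Added example (not part of the original thread and not Check Point's code): a Python sketch of the checks that the quoted base.def edits relax, applied to the RFC 959 PORT command and 227 reply. The port set, function names and sample segments are constructed, and the mapping of the enforce_nl and check_services switches onto FTP_ENFORCE_NL and the tcp_services test is an assumption drawn from the names on the page.

```python
import re

# Constructed stand-in for the firewall's tcp_services set (assumption).
KNOWN_SERVICE_PORTS = {1521, 2049, 3306, 6000, 8080}

# RFC 959 address tuple h1,h2,h3,h4,p1,p2 used by PORT and by the 227 reply.
_TUPLE = re.compile(rb"(?<!\d)" + rb",".join([rb"(\d{1,3})"] * 6) + rb"(?!\d)")


def parse_endpoint(line: bytes):
    """Return (ip, port) from a PORT command or 227 reply, else None."""
    if not (line[:5].upper() == b"PORT " or line.startswith(b"227 ")):
        return None
    m = _TUPLE.search(line)
    if m is None:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def check_data_channel(segment: bytes, enforce_nl=True, check_services=True):
    """Decide whether one control-channel segment may open a data pinhole."""
    endpoint = parse_endpoint(segment)
    if endpoint is None:
        return ("ignore", "not a PORT/227 line")
    # Strict mode: the command must be a complete CRLF-terminated line.
    if enforce_nl and not segment.endswith(b"\r\n"):
        return ("reject", "no CRLF at end of segment")
    ip, port = endpoint
    if port < 1024:
        return ("reject", f"port {port} is below 1024")
    if check_services and port in KNOWN_SERVICE_PORTS:
        return ("reject", f"port {port} is a defined service")
    return ("allow", f"{ip}:{port}")


# Constructed sample segments (documentation addresses, not from the thread).
SAMPLES = [
    b"PORT 192,0,2,10,195,80\r\n",
    b"227 Entering Passive Mode (192,0,2,20,4,1)",
    b"227 Entering Passive Mode (192,0,2,20,8,1)\r\n",
    b"PORT 192,0,2,10,0,25\r\n",
]

if __name__ == "__main__":
    for seg in SAMPLES:
        print(seg, check_data_channel(seg),
              check_data_channel(seg, enforce_nl=False, check_services=False))
```

Running it prints the strict and relaxed verdict for each segment side by side; the second and third samples are the ones that change from reject to allow when the two checks are switched off.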