Firewall-1

Re: [FW-1] Ftp from a MAC client

Subject: Re: [FW-1] Ftp from a MAC client
From: Bill Husler <BHusler AT PACBELL DOT NET>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Mon, 30 Jun 2003 08:57:27 -0700
The reference to the PORT command may be telling. Firewalls in general
have problems with ACTIVE FTP and the use of the PORT command is an
indication that you are in ACTIVE mode. On the Mac, you can simply
enter the command:

passive

to change modes and avoid a wide variety of problems surrounding active
ftp. On Windows, it gets a little more tricky as the command line ftp
client on Windows does not support passive mode (they never updated
it). You can, however, use IE by setting it to use passive mode and
using it to access the ftp site. You can set it to passive by accessing
the TOOLS menu and selecting Internet options, then Advanced and
scrolling down to "use passive ftp".

We have an outstanding trouble ticket with our support vendor that has
been escalated to Checkpoint regarding active ftp - the closest thing we
have gotten to an answer is that it may be addressed (note they don't
say fixed) in fp4.
Bill

On Monday, June 30, 2003, at 08:31 AM, Rafaël Olivier wrote:

Hello,

I'm meeting the same error from a Windows client to a Unix server,
and both are behind 2 natted firewalls (one is CP NG FP3 and the other is
a Netfilter-based firewall).

I'm looking for a solution, but can't find anything on Google...

Any idea/solution?

Regards,


Olivier RAFAEL
Network Manager
Sopra Group
orafael AT sopragroup DOT com


-----Original Message-----
From: Mailing list for discussion of Firewall-1
[mailto:FW-1-MAILINGLIST AT beethoven.us.checkpoint DOT com] On Behalf Of Lars Troen
Sent: Wednesday, March 5, 2003 11:55
To: FW-1-MAILINGLIST AT beethoven.us.checkpoint DOT com
Subject: [FW-1] Ftp from a MAC client


I have an external Mac user trying to access an ftp server, but he's not
able to do anything. We're not using the ftp security server, but
SmartDefense is triggering. Both the client and the server are behind
natted gateways. Can anyone explain what's happening? I'm a bit sceptical
on disabling "FTP Bounce" in SmartDefense.

Attack Info: ftp address mismatch: ip_src != command_src
message_info: Illegal port command (port = 0)

Lars

=================================================
To set vacation, Out Of Office, or away messages,
send an email to LISTSERV AT lists.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

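Added example, not part of the original thread and not Check Point's code: a simplified model of the check behind the "ftp address mismatch: ip_src != command_src" log line quoted above, showing why an active-mode client whose source address is NATted but whose PORT payload is not rewritten trips it. The sample addresses, the sub-1024 port rule and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# RFC 959 syntax: PORT h1,h2,h3,h4,p1,p2  (address bytes, then port high/low byte)
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port(line):
    """Return (ip, port) from a PORT command line, or None if it is malformed."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def check_port_command(packet_src, line):
    """Model of an FTP bounce check: returns findings, empty list if it passes."""
    parsed = parse_port(line)
    if parsed is None:
        return ["malformed PORT command"]
    cmd_ip, port = parsed
    findings = []
    # The address inside the command must be the address the packet came from.
    if cmd_ip != ipaddress.IPv4Address(packet_src):
        findings.append(f"address mismatch: ip_src={packet_src} != command_src={cmd_ip}")
    # Assumed policy: data connections to port 0 or privileged ports are refused.
    if port < 1024:
        findings.append(f"illegal port: {port}")
    return findings


# Constructed samples (documentation and RFC 1918 addresses, not from the thread).
SAMPLES = [
    ("198.51.100.7", "PORT 198,51,100,7,19,137"),  # no NAT: addresses agree
    ("203.0.113.5", "PORT 192,168,1,10,19,137"),   # source NATted, payload untouched
    ("203.0.113.5", "PORT 203,0,113,5,0,0"),       # port 0 in the command
]

if __name__ == "__main__":
    for src, cmd in SAMPLES:
        print(src, cmd, "->", check_port_command(src, cmd) or "ok")
```

In passive mode the client sends PASV instead of PORT, so no client-supplied address reaches this check.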