Re: [FW-1] FTP problem

[Srikrishna.K [Permanent Link]]

HuH.....:) Anyway the problem got resolved....you are always welcome....



rajesh <rajesh AT SL.NSW.GOV DOT AU> wrote:
Thank you all very much for your help. The problem was with the DNS not FW. FTP
server couldn't resolve the client's IP address.

Once again thank you very much.

Regards,
Rajesh.

A real bouncer...:( ...I will try to compare the difference in Unix & XP ftp
connections from server side..Probably if the server has got logging
enabled...what kind of responce its giving or what kind of request its
receiving..
It could be that that particular machine got some other rules which're hiding
this FTP rule(I am not sure how stupid this...LoL)...

One more thing is passive ftp...but i dont think so its the case as you
mentioned that you trying from cmd prompt...


rajesh wrote:
Hi Srikrishna,

The problem is FW is not rejecting these packets. FW logs says it accepts FTP
connections. But I don't get the FTP login prompt on my PC. If I try to FTP from
a unix box (solaris) it works though it takes some time to show the login
prompt. If I do it from my PC (Windows XP) I dont even get the login prompt.

Thanks,
Rajesh.


>Hmm....Yeah...some times this black box gives lot of problems..but thats why we
are here n this secures our job as well..;0
>
>okie...can you use "fw monitor " to verify where does this packet getting
rejected/dropped....
>
>
>
>rajesh wrote:
>I did go through phoneboy.com and added those lines. Still it doesn't work.
>Strange thing is it works fine if I FTP from outside our network.
>
>Thanks,
>Rajesh.
>
>
>>Hmm...
>>http://www.phoneboy.com/bin/view.pl/FAQs/TCPservicePort
>>
>>This is the one we used from Phoneboy.....It worked on FP3..on R55 I dont have
>any problem though....
>>
>>
>>rajesh wrote:
>>Krishna,
>>
>>Thanks for your reply. I have tried this but still no luck. I have also added
>>the following line:
>>
>>#define FTP_CHECK_PACKET
>>
>>Anything else I need to check on FW gui?
>>
>>Thanks,
>>Rajesh.
>>
>>
>>>its a known problem with the CP macros....you can try the following
>>procedure...But its highly recommended to call your support if you are not
sure
>>or doing these kinda jobs first time...
>>>
>>>---------------------------------------------------
>>>FTP (Tried to open a known service port)
>>>
>>>1) Exit all Gui's.
>>>
>>>2) Backup the $FWDIR/lib/base.def on the management server.
>>>
>>>3) Edit the $FWDIR/lib/base.def and add the following line:
>>>
>>>#define NO_SERVER_PORT_CHECK
>>>
>>>right below the line (at the top of the file):
>>>#define __base_def_
>>>
>>>This effectively disables the macros that check for defined services.
>>>
>>>4) Push the security policy to the enforcement points.
>>>
>>>---------------------------------------------------------
>>>
>>>Srikrishna Komatineni
>>>
>>>
>>>---------------------------------
>>>Do you Yahoo!?
>>> New and Improved Yahoo! Mail - 1GB free storage!
>>>
>>>=================================================
>>>To set vacation, Out-Of-Office, or away messages,
>>>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>>>in the BODY of the email add:
>>>set fw-1-mailinglist nomail
>>>=================================================
>>>To unsubscribe from this mailing list,
>>>please see the instructions at
>>>http://www.checkpoint.com/services/mailing.html
>>>=================================================
>>>If you have any questions on how to change your
>>>subscription options, email
>>>fw-1-owner AT ts.checkpoint DOT com
>>>=================================================
>>
>>Rajesh
>>
>>Unix System Administrator
>>State Library of NSW
>>Macquarie Street
>>Sydney - 2000
>>
>>email: rajesh AT sl.nsw.gov DOT au
>>phone: +61-2-9273-1706
>>mobile: +61-413-771-270
>>
>>=================================================
>>To set vacation, Out-Of-Office, or away messages,
>>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>>in the BODY of the email add:
>>set fw-1-mailinglist nomail
>>=================================================
>>To unsubscribe from this mailing list,
>>please see the instructions at
>>http://www.checkpoint.com/services/mailing.html
>>=================================================
>>If you have any questions on how to change your
>>subscription options, email
>>fw-1-owner AT ts.checkpoint DOT com
>>=================================================
>>
>>
>>---------------------------------
>>Meet your soulmate!
>> Yahoo! Asia presents Meetic - where millions of singles gather
>>
>>=================================================
>>To set vacation, Out-Of-Office, or away messages,
>>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>>in the BODY of the email add:
>>set fw-1-mailinglist nomail
>>=================================================
>>To unsubscribe from this mailing list,
>>please see the instructions at
>>http://www.checkpoint.com/services/mailing.html
>>=================================================
>>If you have any questions on how to change your
>>subscription options, email
>>fw-1-owner AT ts.checkpoint DOT com
>>=================================================
>
>Rajesh
>
>Unix System Administrator
>State Library of NSW
>Macquarie Street
>Sydney - 2000
>
>email: rajesh AT sl.nsw.gov DOT au
>phone: +61-2-9273-1706
>mobile: +61-413-771-270
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================
>
>
>---------------------------------
>Meet your soulmate!
> Yahoo! Asia presents Meetic - where millions of singles gather
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to LISTSERV AT amadeus.us.checkpoint DOT com
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>fw-1-owner AT ts.checkpoint DOT com
>=================================================

Rajesh

Unix System Administrator
State Library of NSW
Macquarie Street
Sydney - 2000

email: rajesh AT sl.nsw.gov DOT au
phone: +61-2-9273-1706
mobile: +61-413-771-270

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


---------------------------------
Meet your soulmate!
Yahoo! Asia presents Meetic - where millions of singles gather

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

------------- End Forwarded Message -------------


Rajesh

Unix System Administrator
State Library of NSW
Macquarie Street
Sydney - 2000

email: rajesh AT sl.nsw.gov DOT au
phone: +61-2-9273-1706
mobile: +61-413-771-270

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================


---------------------------------
Do you Yahoo!?
 New and Improved Yahoo! Mail - 1GB free storage!

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================