Hello Jet,
Your post below is rather ambiguous but I'll try to answer your question.
Assumptions:
1] You want to do anonymous ftp via your netscape browser.
2] Your saying that you can do anonymous ftp to the webserver via the C:>
prompt, but not with the Netscape browser.
3] Your Netscape browser connects first to your proxy server before going
out into the Internet.
4] You want to solve your problem without bringing about other possible
security issues. (We never get enough of 'em! );^] )
Conclusions:
1] If my above assumptions are right, try to disable ftp proxying for
Netscape browser. On Netscape, go to:
Options -> Network Preferences -> Proxies
Check the Manual Proxy Configuration box and choose View to see your
setup. You might see the number 33185 on the Port window. You can try
to delete the values listed for the ftp service. (Just write down the
original numbers there before you do any deletions so that if you later
change you mind or if matters turn from bad to worse, you can simply
go back to square one.) Click on accept and then try to do want you
want to do.
2] Or better yet, go to the Properties window and make sure the rule
Enable Passive FTP Connections is set to First. (I'm doing this from
the top of my head so if I'm missing out something, kindly help us out
here.)
3] Kindly double-check if you have a rule allowing FTP and HTTP services
from your proxy server to & from the Internet and also proxy server
to & from your Win95 clients. (I do not have an idea where your proxy
caching server is, whether it is within or outside your internal net.)
Hanggang sa muli,
Drexx.
PS
As a friendly suggestion, why don't you go to www.checkpoint.com and see
how you could subscribe to their mailing list? The said list would
complement firewalls @
greatcircle .
com with more FW-1 specific discussions.
"It's a dirty job, but somebody's gotta do it." -- John Wayne
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
______
/_____/\ DEXTER D. LAGGUI
/_____\\ \ Systems Engineer, Systems Integration Group
/_____\ \\ / PHILIPPINE SYSTEMS PRODUCTS INC.
/_____/ \/ / / Penthouse, Corporate Business Center
/_____/ / \//\ 150 Paseo de Roxas Ave., Legaspi Village
\_____\//\ / / Makati City, Philippines
\_____/ / /\ /
\_____/ \\ \ Phone: (++ 63-2) 813-6453 to 55 loc. 222
\_____\ \\ Fax : (++ 63-2) 813-5834
\_____\/ Email: drexx @
pspi .
com .
ph
Pager: (++ 63-2) 1277-33615
~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~-~
|> From owner-firewalls-outgoing @
GreatCircle .
COM Wed Apr 23 19:17 GMT 1997
|> From: "Jet B. Bagadion" <solid @
mozcom .
com>
|>
|> Hello,
|>
|> We have Firewall-1 2.0c running on Solaris 2.5 on a Sparc machine using IP
|> hide feature. Rules applied on a Win95 client are allow HTTP, DNS, FTP,
|> POP, and SMTP to the webserver. We can not post to the web using the editor
|> of Netscape Navigator Gold but with Win95 ftp program, it can go through. I
|> noticed that Netscape, when contacting the host, it changes the port it
|> uses. At first, it displays, contacting webserver..... then after a
|> few seconds it then goes to contacting webserver:33185..... then it
|> would time-out. Trying again to publish, the same scenario happens but this
|> time it is contacting the webserver at port 33186. Did I miss something on
|> the rules I set on the firewall? What should I add?
|>
|> Thanks.
|>
|
|
