Hi,
Normal-mode FTP actually opens the DATA connection from the SERVER side. If your rules
only allow dest 20 & dest 21 outbound, then the server will be blocked when it tries to
open the data connection (from port 20 to some high numbered port).
You might try using a PASSIVE mode client (like Netscape). In passive mode, both
connections are opened by the client.
Hope this helps,
mat.
Darwin Martinez wrote:
>
> All:
>
> When I ftp to a site, FW-1 allows the ftp connect (21) but then blocks the
> return data (ftp-data 20?). My rulebase allows both ftp & ftp-data from the
> internal nets outward. I'm doing NAT. After I connect, I see the actions
> taking place (cd, dir, etc.) on the FTP screen, but the responses are
> blocked by my implicit deny rule I have (any,any,any,reject). Basically, I
> can't see the contents of the directory that has been CD'd to.
>
> Any ideas?? Thanks.
> ------------------------------------------------------------------------
> Darwin L. Martinez Email: darwin_martinez@ins.com
> Network Systems Engineer Site #: 404-843-5954
> International Network Services Pager: 800-INS-1-INS
> Atlanta Office
> ------------------------------------------------------------------------
--
-------------------------------------
Mathias Kolehmainen
ripper@dataway.com
"Now it flushes away AUTOMATICALLY!"
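To make the difference in who opens the data connection concrete, here is an added example (not from either poster) that decodes an active-mode PORT command and a passive-mode 227 reply and runs the resulting data connection through a simplified model of an "internal nets outward only" rulebase with an implicit reject. Addresses, ports and the rulebase model are constructed assumptions, not FW-1's actual inspection logic.

```python
import re
from dataclasses import dataclass

# Constructed sample control-channel lines; addresses are made up for the example.
CLIENT_IP, SERVER_IP = "10.1.2.3", "198.51.100.7"
ACTIVE_PORT_CMD = "PORT 10,1,2,3,4,1"                           # client listens on 10.1.2.3:1025
PASV_REPLY = "227 Entering Passive Mode (198,51,100,7,195,80)"  # server listens on 198.51.100.7:50000

@dataclass(frozen=True)
class DataConn:
    src_ip: str      # the side that opens (initiates) the data connection
    src_port: int
    dst_ip: str
    dst_port: int

def _decode(hp: str) -> tuple[str, int]:
    """Turn the FTP 'h1,h2,h3,h4,p1,p2' form into (ip, port); port = p1*256 + p2."""
    h1, h2, h3, h4, p1, p2 = (int(x) for x in hp.split(","))
    return f"{h1}.{h2}.{h3}.{h4}", p1 * 256 + p2

def data_conn_from_port(cmd: str, server_ip: str) -> DataConn:
    """Active (normal) mode: PORT names the client's listener; the SERVER dials it from port 20."""
    m = re.fullmatch(r"PORT\s+(\d+(?:,\d+){5})", cmd.strip())
    if not m:
        raise ValueError("not a PORT command")
    ip, port = _decode(m.group(1))
    return DataConn(server_ip, 20, ip, port)

def data_conn_from_pasv(reply: str, client_ip: str, client_port: int) -> DataConn:
    """Passive mode: the 227 reply names the server's listener; the CLIENT dials it from a high port."""
    m = re.match(r"227 .*?\((\d+(?:,\d+){5})\)", reply.strip())
    if not m:
        raise ValueError("not a 227 reply")
    ip, port = _decode(m.group(1))
    return DataConn(client_ip, client_port, ip, port)

def outbound_rulebase(conn: DataConn, internal_prefix: str) -> str:
    """Simplified model (an assumption, not FW-1's real inspection code): only connections
    initiated from the internal net are accepted; everything else falls through to the
    implicit any/any/any reject. A server dialing *from* port 20 never matches a 'dest 20' rule."""
    return "accept" if conn.src_ip.startswith(internal_prefix) else "reject"

if __name__ == "__main__":
    active = data_conn_from_port(ACTIVE_PORT_CMD, SERVER_IP)
    passive = data_conn_from_pasv(PASV_REPLY, CLIENT_IP, 1026)
    print("active :", active, "->", outbound_rulebase(active, "10."))    # reject
    print("passive:", passive, "->", outbound_rulebase(passive, "10."))  # accept
```

Note that the PORT argument carries the client's own (here private) address, so an active-mode transfer through NAT also depends on the firewall rewriting it; the passive-mode 227 reply names the server, so no such rewrite is needed for the client's outbound connection.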
References:
- ftp problem, From: Darwin Martinez <Darwin_Martinez@INS.COM>