Firewalls: Re: FTP to NT Server behind FW-1

Firewalls
(January 1997)

Indexed By Thread: [Previous] [Next]

Subject:	Re: FTP to NT Server behind FW-1
From:	jonesmd @ unifiedtech . com (Mike Jones)
Date:	Thu, 30 Jan 1997 09:07:39 -0500
To:	firewalls @ GreatCircle . com, rhardin @ telerama . lm . com

Ron Hardin writes...
> I have a NT server sitting behind a FW-1 gateway.  The group that is
> responsible for the server wishes to permit FTP access.  This host is
> on a seperate enet segment off a quad port in my Sun host.  NAT is
> in force for all host behing the firewall.
> 
> When a ftp session is initiated from the outside (say with Netscape)
> the host is contacted, but the illegal IP (not xlated) and associated
> port is passed back to the browser.  Needless to say the ftp session
> fails.  Any suggestions where to look for the solution?

I think the problem is the address translation mode. You're probably using
FWXT_HIDE, which translates "on demand". I don't remember the name of 
the other mode, but you need to set up the address of the FTP server with
a "fixed" translation.

	Mike Jones
	Sr. Network Computing Advisor
	UNIFIED Technologies

Indexed By Date	Previous:	Re: checkpoint firewall-1 logs From: gary @ cicom . net (Gary Williams)
Indexed By Date	Next:	RE: Internal modems ? From: "Alberto de_la_Torre" <adelator @ tcgpo . com>
Indexed By Thread	Previous:	Re: FTP to NT Server behind FW-1 From: Ryan Russell/SYBASE <Ryan . Russell @ sybase . com>
Indexed By Thread	Next:	Re: FTP to NT Server behind FW-1 From: "Darwin L. Martinez" <darwin_martinez @ INS . COM>