Posted by JJ on June 8, 2007, 10:28 pm
Thanks for the follow-up. I was wondering what it could be.
Take care,
Ray
> SmartDefense doesn't like that my FTP puts its public address in the PASV
> answer while it is in my DMZ with a private IP; it needs the FTP to
> answer with its private address, and the Check Point swaps the private / public
> IP while the PASV answer goes across the FW.
>
>> Hello
>>
>> I have a problem with a Check Point FW.
>>
>> I have set up an FTP server on my DMZ and added an FTP rule in my FW, but
>> clients have problems in some cases.
>>
>> - connection: ok
>> - login / password: ok
>>
>> - data exchange in PORT mode: all is ok.
>>
>> - if a client tries to switch to PASV mode, the FW cuts the connection
>> when the server replies to PASV
>>
>> The log on the FW is from the "SmartDefense" module:
>>
>> * Attack name : FTP Bounce
>> * Attack Info : IP adress mismatch in PORT/227 command - header IP different from command IP
>> * service : ftp (21)
>> * source : X.X.X.X
>> * target : X.X.X.X
>>
>> "source" is the IP of the FTP client (on the internet)
>> "target" is the public IP address of my FTP server
>>
>> When I check the logs on my FTP client and server:
>>
>> - last line on client before disconnect is: "PASV"
>> - last line on server is "227 Entering Passive Mode (x,x,x,x,215,36)"
>> (x.x.x.x is the public IP of my FTP server; the port is in the right range)
>> If I uncheck the "FTP Bounce protection" in the SmartDefense module,
>> no more problem, so I think that all rules are fine and the right ports are open...
>> just this damned SmartDefense problem.
>>
>> Does anyone have an idea on this? Is it possible to correct something? If
>> possible, I'd prefer to reactivate this protection.
>>
>> Sorry for my English... I don't use it very often.
>> Thanks in advance
>
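
The check discussed in this thread, as an added example that is not part of the original posts and is not Check Point's code: it parses a 227 reply, compares the advertised IP with the packet's header source IP, and shows the reply passing once the server announces its private address and the firewall rewrites it. The addresses (192.168.10.5 for the DMZ server, 203.0.113.10 for its public IP) and all function names are constructed for illustration.

```python
import ipaddress
import re

# RFC 959 passive reply: 227 <text> (h1,h2,h3,h4,p1,p2)
PASV_RE = re.compile(r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)")

# Constructed sample values (not from the thread, which masks its addresses).
DMZ_PRIVATE = "192.168.10.5"
PUBLIC = "203.0.113.10"
ANNOUNCES_PUBLIC = "227 Entering Passive Mode (203,0,113,10,215,36)"
ANNOUNCES_PRIVATE = "227 Entering Passive Mode (192,168,10,5,215,36)"


def parse_227(line):
    """Return (ip, port) advertised in a 227 reply, or None if malformed."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]  # port = p1 * 256 + p2


def inspect_227(header_src, line):
    """Verdict for a 227 reply as it arrives from the DMZ, before NAT (assumed order)."""
    parsed = parse_227(line)
    if parsed is None:
        return "drop: malformed 227"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(header_src):
        return f"drop: command IP {ip} != header IP {header_src}"
    return f"accept: data channel {ip}:{port}"


def nat_rewrite(line, public_ip):
    """Hypothetical stand-in for the firewall's FTP NAT: re-emit the reply with the public IP."""
    _, port = parse_227(line)
    host = str(ipaddress.IPv4Address(public_ip)).replace(".", ",")
    return f"227 Entering Passive Mode ({host},{port >> 8},{port & 255})"


if __name__ == "__main__":
    print(inspect_227(DMZ_PRIVATE, ANNOUNCES_PUBLIC))   # mismatch, as in the log above
    print(inspect_227(DMZ_PRIVATE, ANNOUNCES_PRIVATE))  # passes the check
    print(nat_rewrite(ANNOUNCES_PRIVATE, PUBLIC))       # what the Internet client receives
```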