Firewall Wizards mailing list archives
Re: Help - FW-1 and FTP in DMz
From: "Robert MacDonald" <rmacdonald () gfs com>
Date: Wed, 19 Apr 2000 13:38:45 -0400
Moti, You have to allow the DATA port through the firewall(generally the FTP CTRL port minus 1). Either in the policy properties(via the GUI) or explicit rules in the rulebase. You most likely have a rule already set for the first FTP server. As for the enable passive FTP(PASV), if I'm not mistaken, most browsers use PASV for data transfer. That is why they 'broke' when you switched them. Best of Luck! Robert - - Robert P. MacDonald, Network Engineer G o r d o n F o o d S e r v i c e Voice: +1.616.261.7987 email: rmacdonald () gfs com
Moti Levy <mlevy () lannet com> 4/12/00 8:42:21 AM >>>Hi All , I am runing out of idea's so You guys are my last hope. I have an ftp server in the dmz (wuftp ) I wanted to add another one (iis 4 ftp ) . I've added the machine to the objects , an made a rule which is identical to the unix ftp ( i.e ftp , ftp-data open to all ). from my lan i can connect and do everything fine. from the web i can connect no problem ( pass login and password stage ) .but when i do ls i get stuck . here's what i've tried . I've switched ip's with the wuftp stations and it also was o.k up to the point of ls . I ve checked the rules but can't find anything diffrent . another starnge thing. if i remove from the services tab of the firewll the "enable ftp port data connection " and eneble passive ftp " the iis ftp works fine but my users cannot ftp to any where outside . they connect but cannot ls download or upload files . Help ? Moti mlevy () lannet com
Current thread:
- Help - FW-1 and FTP in DMz Moti Levy (Apr 18)
- <Possible follow-ups>
- Re: Help - FW-1 and FTP in DMz Robert MacDonald (Apr 20)