Firewall Wizards mailing list archives

Re: Help - FW-1 and FTP in DMz


From: "Robert MacDonald" <rmacdonald () gfs com>
Date: Wed, 19 Apr 2000 13:38:45 -0400

Moti,

You have to allow the DATA port through the firewall (generally the
FTP CTRL port minus 1).

Either in the policy properties (via the GUI) or explicit rules in the rulebase.
You most likely have a rule already set for the first FTP server.

As for the enable passive FTP (PASV), if I'm not mistaken, most browsers
use PASV for data transfer. That is why they 'broke' when you switched
them.

Best of Luck!
Robert

- -
Robert P. MacDonald, Network Engineer
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: rmacdonald () gfs com

Moti Levy <mlevy () lannet com> 4/12/00 8:42:21 AM >>>
Hi all,
I am running out of ideas, so you guys are my last hope.
I have an FTP server in the DMZ (wuftp).
I wanted to add another one (IIS 4 FTP).
I've added the machine to the objects, and made a rule which is identical to
the Unix FTP (i.e. ftp, ftp-data open to all).
From my LAN I can connect and do everything fine.
From the web I can connect no problem (pass login and password stage), but
when I do ls I get stuck.
Here's what I've tried.
I've switched IPs with the wuftp stations and it also was OK up to the
point of ls.
I've checked the rules but can't find anything different.
Another strange thing:
if I remove from the services tab of the firewall the "enable ftp port data
connection" and "enable passive ftp", the IIS FTP works fine but my users
cannot FTP to anywhere outside. They connect but cannot ls, download or
upload files.
Help?
Moti
mlevy () lannet com 
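
Added example (not part of the original messages and not FireWall-1's own code): a sketch of what a stateful firewall derives from the FTP control channel, showing why the data connection runs from the server's control port minus 1 to the client in active mode, and from the client to a server-chosen port in PASV. Function names are hypothetical, the addresses are constructed documentation values, and no address translation between the endpoints is assumed.

```python
import re

# RFC 959 host-port: six decimal octets h1,h2,h3,h4,p1,p2
_HOSTPORT = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

def parse_hostport(text):
    """Return (ip, port) from a PORT argument or a 227 reply, else None."""
    m = _HOSTPORT.search(text)
    if not m:
        return None
    nums = [int(n) for n in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def expected_data_flow(line, client_ip, server_ip, ctrl_port=21):
    """Describe the data connection a control-channel line announces.

    Returns a dict naming who opens the connection and to which endpoint,
    or None when the line announces nothing or names an unexpected address.
    """
    line = line.strip()
    if line.upper().startswith("PORT "):
        # Active mode: the client listens, the server connects from ctrl_port - 1.
        ep = parse_hostport(line[5:])
        if ep is None or ep[0] != client_ip:
            return None  # address is not the client's: permit nothing
        return {"mode": "active", "src": server_ip, "sport": ctrl_port - 1,
                "dst": ep[0], "dport": ep[1]}
    if line.startswith("227"):
        # Passive mode: the server listens, the client connects from any port.
        ep = parse_hostport(line[3:])
        if ep is None or ep[0] != server_ip:
            return None  # address is not the server's: permit nothing
        return {"mode": "passive", "src": client_ip, "sport": None,
                "dst": ep[0], "dport": ep[1]}
    return None

# Constructed control-channel lines (RFC 5737 documentation addresses).
CLIENT, SERVER = "203.0.113.7", "192.0.2.10"
SAMPLE = ["PORT 203,0,113,7,4,1",
          "227 Entering Passive Mode (192,0,2,10,19,137)",
          "230 User logged in"]

if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(sample_line, "->", expected_data_flow(sample_line, CLIENT, SERVER))
```

A rulebase that only permits the fixed ftp and ftp-data services covers the active-mode flow; the PASV flow uses a port chosen per session, which is why it depends on the firewall tracking the control channel.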




