Firewall Wizards mailing list archives

FTP Passive Traffic from PIX thru SEF to Serv-U


From: TSimons () Delphi-Tech com
Date: Mon, 15 Mar 2004 22:18:26 -0500

Hello All

We recently had an issue with an ftp user behind a remote PIX firewall
trying to connect to our FTP server.  Apparently the SEF was pulling back
the NAT wrapper off the traffic from the PIX and pulling out the private
address on the remote side.

Client-->[PIX/NAT]-->Internet-->[SEF/FTPd]-->Serv-U

Is this a PIX problem?

Here's the specific SEF log entry:
Mar 05 15:13:13.443 FW1 ftpd[1684]: 353 Warning: PORT command referenced a
destination (10.6.11.3) that doesn't match control channel (X.X.X.36):
possible Bounce attack?  To enforce strict PORT checking please set
"ftpd.allow_address_mismatch=False" in the config.cf file

X.X.X.36 is the outbound NAT'd IP address, not PAT
10.6.11.3 is the IP address inside the PIX

This problem is isolated to this specific PIX, others are using the ftp
server perfectly fine.

Thanks,
~Todd



__________________________________
Todd M. Simons
Senior MIS Engineer
Dell Tier 1 PA Technician 
Delphi Technology, Inc.
New Brunswick, NJ

Note: The contents of this email do not constitute a legally binding
commitment.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
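
The check that the SEF log entry in the message above describes, as an added example that is not part of the original post and is not Symantec's code: parse the PORT argument and compare it with the control-channel source address. The function names, the `allow_address_mismatch` parameter (named after the setting quoted in the log), the stand-in address 203.0.113.36 for the redacted X.X.X.36, and the port number are assumptions.

```python
import ipaddress
import re

# RFC 1918 ranges. A PORT address in one of these, sent from a public peer,
# was not rewritten by whatever NAT device translated the IP header.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# RFC 959: PORT h1,h2,h3,h4,p1,p2
PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port(line):
    """Return (IPv4Address, tcp_port) from a PORT command line."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a PORT command: %r" % line)
    nums = [int(x) for x in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range: %r" % line)
    ip = ipaddress.IPv4Address(".".join(map(str, nums[:4])))
    return ip, nums[4] * 256 + nums[5]


def check_port(line, control_peer, allow_address_mismatch=False):
    """Compare the PORT address with the control-channel source address.

    Returns (allowed, reason). allow_address_mismatch is a hypothetical
    parameter named after the setting quoted in the log entry.
    """
    ip, _port = parse_port(line)
    if ip == ipaddress.IPv4Address(control_peer):
        return True, "match"
    if any(ip in net for net in RFC1918):
        reason = "mismatch: private address in payload (NAT did not rewrite PORT)"
    else:
        reason = "mismatch: third-party address (possible bounce)"
    return allow_address_mismatch, reason


if __name__ == "__main__":
    # Constructed sample: 203.0.113.36 stands in for the redacted X.X.X.36,
    # and port 5001 (19*256 + 137) is made up.
    for cmd in ("PORT 10,6,11,3,19,137", "PORT 203,0,113,36,19,137",
                "PORT 198,51,100,7,0,22"):
        print(cmd, "->", check_port(cmd, "203.0.113.36"))
```

Separating the private-address case from the third-party case lets a proxy log tell an unrewritten NAT payload apart from a PORT that points at some other routable host.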